Configuring radius – Cisco 10000 User Manual

Page 279

Advertising
background image

10-9

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 10 Configuring Address Pools

On-Demand Address Pool Manager

For an example of how to configure AAA, see

Example 10-3

in the

“Configuring RADIUS” section on

page 10-9

.

Configuring RADIUS

To configure RADIUS on the Cisco 10000 router, enter the following commands in global configuration
mode:

Example 10-3

configures an address pool named Green and a RADIUS server from which the Green

address pool obtains its subnets. The RADIUS server is located at the IP address 172.16.1.1.

Example 10-3 Configuring AAA and RADIUS

!

aaa new-model

!

aaa authorization configuration default group radius

aaa accounting network default start-stop group radius

aaa session-id common

!

ip subnet-zero

!

ip dhcp ping packets 0

!

ip dhcp pool Green

vrf Green

utilization mark high 50

utilization mark low 30

origin aaa subnet size initial /28 autogrow /28

!

ip vrf Green

rd 300:1

route-target export 300:1

route-target import 300:1

!

interface Ethernet1/1

ip address 172.16.1.12 255.255.255.0

duplex half

Command

Purpose

Step 1

Router(config)# ip radius

source-interface

subinterface-name

Forces the Cisco 10000 router to use the IP address of the
specified interface for all outgoing RADIUS packets.

Step 2

Router(config)# radius-server host

ip-address auth-port port-number

acct-port

port-number

Specifies a RADIUS server host.

Step 3

Router(config)# radius server attribute

32 include-in-access-req

Sends RADIUS attribute 32 (NAS-Identifier) in an access request
or accounting request.

Step 4

Router(config)# radius server attribute

44 include-in-access-req

Sends RADIUS attribute 44 (Accounting Session ID) in an access
request or accounting request.

Step 5

Router(config)# radius-server vsa send

accounting

Configures the Cisco 10000 router, acting as the network access
server (NAS), to recognize and use vendor-specific accounting
attributes.

Step 6

Router(config)# radius-server vsa send

authentication

Configures the Cisco 10000 router (NAS) to recognize and use
vendor-specific authentication attributes.

Advertising
Popular Brands
Popular manuals