Computer Technology Learning

AAA RADIUS Authentication Lab on a Low-End Router

dn001

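  Lab objective: when logging in to the router, you must enter your own username and password; login to the router is permitted only after RADIUS authentication succeeds.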
  
  The configuration is shown below; every router uses the same configuration.
  
  R2503>en
  Password:
  R2503#sh run
  Building configuration...
  
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname R2503
  !
  aaa new-model  (enables AAA)
  aaa authentication login ciscoclub radius  (sets the authentication method to RADIUS; ciscoclub is the name of the authentication policy)
  
  
  enable secret 5 $1$7Itz$DfIumP6x7ctddLF8QIFtF/
  !
  ip subnet-zero
  !
  interface Ethernet0
  ip address 192.168.0.203 255.255.255.0
  no ip directed-broadcast
  !
  interface Serial0
  no ip address
  no ip directed-broadcast
  no ip mroute-cache
  shutdown
  !
  interface Serial1
  ip address 172.16.20.1 255.255.255.0
  no ip directed-broadcast
  clockrate 64000
  !
  interface BRI0
  no ip address
  no ip directed-broadcast
  shutdown
  !
  ip classless
  !
  radius-server host 192.168.0.1 (sets the IP address of the RADIUS server)
  radius-server key ciscoclub  (sets the key shared between the router and the RADIUS server)
  !
  line con 0
  transport input none
  line aux 0
  line vty 0 4
  login authentication ciscoclub (the authentication policy is applied here)
  end
  R2503#