FreeRADIUS
- head -3 /etc/freeradius/users
60eb69962da5 Cleartext-Password := "60eb69962da5"
xinux Cleartext-Password := "suxer"
rudi Cleartext-Password := "wiggel"
- tail -8 /etc/freeradius/clients.conf
client lan-clients {
ipaddr = 192.168.240.0
netmask = 21
secret = sysadm
require_message_authenticator = no
nastype = other
}
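An added example (not part of the original page, and not FreeRADIUS code): a small Python audit of the two excerpts above. It flags a short shared secret, `require_message_authenticator = no`, and users entries whose only credential is the MAC address itself. The 16-character threshold and all function names are assumptions chosen for illustration.

```python
import re

# Sample input: the clients.conf and users excerpts shown on this page.
CLIENTS_CONF = """
client lan-clients {
    ipaddr = 192.168.240.0
    netmask = 21
    secret = sysadm
    require_message_authenticator = no
    nastype = other
}
"""
USERS = """
60eb69962da5 Cleartext-Password := "60eb69962da5"
xinux Cleartext-Password := "suxer"
rudi Cleartext-Password := "wiggel"
"""

MIN_SECRET_LEN = 16  # assumed policy threshold, not a FreeRADIUS default


def parse_clients(text):
    """Return {client_name: {key: value}} for every 'client NAME { ... }' block."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        clients[name] = dict(re.findall(r"^\s*([\w-]+)\s*=\s*(\S+)", body, re.M))
    return clients


def audit_clients(text):
    """Flag short shared secrets and disabled Message-Authenticator enforcement."""
    findings = []
    for name, cfg in parse_clients(text).items():
        if len(cfg.get("secret", "").strip('"')) < MIN_SECRET_LEN:
            findings.append((name, "short-secret"))
        if cfg.get("require_message_authenticator") == "no":
            findings.append((name, "no-message-authenticator"))
    return findings


def mac_only_users(text):
    """Users named by a 12-hex-digit MAC whose password is that same MAC."""
    return re.findall(r'^([0-9a-f]{12})\s+Cleartext-Password\s*:=\s*"\1"', text, re.M)


if __name__ == "__main__":
    for client, issue in audit_clients(CLIENTS_CONF):
        print(f"clients.conf: {client}: {issue}")
    for mac in mac_only_users(USERS):
        print(f"users: {mac}: credential is the MAC address itself")
```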
Set up the RADIUS server
- configure terminal
- radius-server host 192.168.244.49 auth-port 1812 acct-port 1813
- radius-server key sysadm
- end
Show RADIUS server status
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 5
Retransmit Attempts : 3
Global Encryption Key : sysadm
                Auth  Acct
Server IP Addr  Port  Port  Encryption Key
--------------- ----- ----- --------------------------------
192.168.244.49  1812  1813
Set general port-access Parameters
- configure terminal
- aaa authentication ssh login radius local
- aaa authentication ssh enable radius local
- aaa authentication console login radius local
- aaa authentication console enable radius local
- end
Show authentication settings
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled
            | Login      Login      Enable     Enable
Access Task | Primary    Secondary  Primary    Secondary
----------- + ---------- ---------- ---------- ----------
Console     | Radius     Local      Radius     Local
Telnet      | Local      None       Local      None
Port-Access | EapRadius
Webui       | Local      None       Local      None
SSH         | Radius     Local      Radius     Local
Web-Auth    | ChapRadius
MAC-Auth    | ChapRadius
MAC-Auth | ChapRadius
General parameters
- configure terminal
- aaa authentication port-access eap-radius
- end
MAC-based access
- configure terminal
- aaa port-access mac-based 22
Show config
- show port-access ethernet 22 mac-based config
Port Access MAC-Based Configuration
MAC Address Format : no-delimiter
               Client Client Logoff    Re-Auth   Unauth   Auth
Port  Enabled  Limit  Moves  Period    Period    VLAN ID  VLAN ID
----- -------- ------ ------ --------- --------- -------- --------
22    Yes      2      No     300       0         0        0
Show clients
Not successful
- show port-access ethernet 22 mac-based
Port Access MAC-Based Status
      Authenticated Unauthenticated Current
Port  Clients       Clients         VLAN ID
----- ------------- --------------- --------
22    0             1               10
- show port-access ethernet 22 mac-based clients
Port Access MAC-Based Client Status
Port  MAC Address   Session Status        Time
----- ------------- --------------------- --------
22    00040e-0b182d rejected-no vlan      3 secs
Successful
- show port-access ethernet 22 mac-based
Port Access MAC-Based Status
      Authenticated Unauthenticated Current
Port  Clients       Clients         VLAN ID
----- ------------- --------------- --------
22    1             0               10
- show port-access ethernet 22 mac-based clients
Port Access MAC-Based Client Status
Port  MAC Address   Session Status        Time
----- ------------- --------------------- --------
22    60eb69-962da5 authenticated         2 mins
MAC control via RADIUS on multiple ports
- aaa port-access mac-based ethernet 21-24