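Lab objective: when logging in to the router, you must enter your own username and password; login to the router is allowed only after RADIUS has verified them.
The configuration file is as follows; every router uses the same configuration.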
R2503>en
Password:
R2503#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2503
!
aaa new-model
(enables AAA)
aaa authentication login ciscoclub radius
(sets the authentication method to RADIUS; ciscoclub is the name of the authentication policy)
enable secret 5 $1$7Itz$DfIumP6x7ctddLF8QIFtF/
!
ip subnet-zero
!
interface Ethernet0
ip address 192.168.0.203 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface Serial1
ip address 172.16.20.1 255.255.255.0
no ip directed-broadcast
clockrate 64000
!
interface BRI0
no ip address
no ip directed-broadcast
shutdown
!
ip classless
!
radius-server host 192.168.0.1
(sets the IP address of the RADIUS server)
radius-server key ciscoclub
(sets the password shared between the router and the RADIUS server)
!
line con 0
transport input none
line aux 0
line vty 0 4
login authentication ciscoclub
(the authentication policy is applied here)
end
R2503#
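
What the `radius-server key` line is used for, as an added example that is not part of the original lab notes: the router hides the login password in the Access-Request with the shared key (RFC 2865, User-Password attribute) and the RADIUS server reverses it with its own copy. The sample password and the mismatched key `ciscoclub2` are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # MD5 output size; RFC 2865 section 5.2 works in 16-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, key: bytes, authenticator: bytes) -> bytes:
    """Router (NAS) side: value of the User-Password attribute."""
    if len(authenticator) != BLOCK or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # Each block is XORed with MD5(key + previous ciphertext block).
        prev = _xor(padded[i:i + BLOCK], hashlib.md5(key + prev).digest())
        hidden += prev
    return hidden


def recover_password(hidden: bytes, key: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: undo the hiding with the server's copy of the key."""
    if not hidden or len(hidden) % BLOCK or len(authenticator) != BLOCK:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        clear += _xor(block, hashlib.md5(key + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def demo() -> dict:
    key = b"ciscoclub"                 # radius-server key from the config above
    password = b"Lab-Passw0rd-2503!"   # constructed sample, 18 bytes -> 2 blocks
    authenticator = os.urandom(BLOCK)  # Request Authenticator, fresh per request
    hidden = hide_password(password, key, authenticator)
    return {
        "attribute_len": len(hidden),
        "same_key": recover_password(hidden, key, authenticator) == password,
        # A server configured with a different key (constructed) gets garbage,
        # so the comparison fails and the login is rejected.
        "other_key": recover_password(hidden, b"ciscoclub2", authenticator) == password,
    }


if __name__ == "__main__":
    print(demo())
```

The hiding rests only on the shared key and MD5, so the key has to be identical on the router and the server and should be long and random.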