This lab is built in the GNS3 emulator. The Cisco device is a C3600-series router and the Linux server runs Debian 10.
R1:192.168.1.1/24
Debian:192.168.1.10/24
Client:192.168.1.100/24
Server configuration
-
Install FreeRADIUS
apt-get install -y freeradius
-
Append the following to the end of /etc/freeradius/3.0/clients.conf
client 192.168.1.1 {
    secret = secretkey
    nastype = cisco
    shortname = router
}
-
Append a user to the end of /etc/freeradius/3.0/users
# username cisco, password cisco
# the user's shell privilege level is 15
cisco Cleartext-Password := "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15"
-
Restart the service and check the listening ports
systemctl restart freeradius.service
ss -ntlup
udp UNCONN 0 0 0.0.0.0:1812 0.0.0.0:* users:(("freeradius",pid=10902,fd=8))
udp UNCONN 0 0 0.0.0.0:1813 0.0.0.0:* users:(("freeradius",pid=10902,fd=9))
Router configuration
conf t
aaa new-model
!
!
aaa group server radius AAA
server-private 192.168.1.10 auth-port 1812 acct-port 1813 key secretkey
!
aaa authentication login default group AAA
aaa authorization exec default group AAA
aaa accounting exec default start-stop group AAA
aaa accounting system default start-stop group AAA
!
line vty 0 4
transport input telnet ssh
login authentication default
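What this configuration puts on the wire between R1 and the Debian server, as an added example (not part of the original lab, and not FreeRADIUS or IOS code): the RFC 2865 Access-Request with User-Password hidden under the shared secret, and the Access-Accept carrying the reply items from the users file. The function names and the packet layout helpers are assumptions for illustration; a real NAS picks a random 16-byte authenticator for every request.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"secretkey"  # shared secret from clients.conf / server-private on this page

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse hide_password and strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident: int, authenticator: bytes, user: bytes, password: bytes) -> bytes:
    """Access-Request (code 1) as R1 would send it to 192.168.1.10:1812."""
    hidden = hide_password(password, SECRET, authenticator)
    attrs = attr(1, user) + attr(2, hidden) + attr(4, socket.inet_aton("192.168.1.1"))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def access_accept(ident: int, request_auth: bytes) -> bytes:
    """Access-Accept (code 2) with Service-Type and Cisco-AVPair from the users file."""
    avpair = b"shell:priv-lvl=15"
    vsa = struct.pack("!IBB", 9, 1, len(avpair) + 2) + avpair  # vendor 9 = Cisco, type 1
    attrs = attr(6, struct.pack("!I", 7)) + attr(26, vsa)      # 7 = NAS-Prompt-User
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + SECRET).digest()
    return header + resp_auth + attrs

def verify_reply(reply: bytes, request_auth: bytes) -> bool:
    """NAS side: recompute the Response Authenticator with the shared secret."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + SECRET).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

Both the password hiding and the reply check rest only on MD5 and the shared secret, so the value configured in clients.conf and on the router should be long and random rather than a word like secretkey.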
Client test
C:\Users\Administrator>telnet 192.168.1.1
User Access Verification
Username: cisco
Password:
R1#conf t