This lab is built in the GNS3 emulator. The Cisco device is a C3600-series router and the Linux server runs Debian 10.

R1: 192.168.1.1/24

Debian: 192.168.1.10/24

Client: 192.168.1.100/24

Server configuration

  1. Install FreeRADIUS

    apt-get install -y freeradius
    
  2. Append the following to the end of /etc/freeradius/3.0/clients.conf

    client 192.168.1.1 {
        secret = secretkey
        nastype = cisco
        shortname = router
    }
    
  3. Append a user to the end of /etc/freeradius/3.0/users

    # Username cisco, password cisco; the reply sets the user's shell privilege level to 15
    cisco Cleartext-Password := "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15"
    
  4. Restart the service and check the listening ports

    systemctl restart freeradius.service
    ss -ntlup
    udp      UNCONN    0          0                    0.0.0.0:1812               0.0.0.0:*        users:(("freeradius",pid=10902,fd=8))                                                        
    udp      UNCONN    0          0                    0.0.0.0:1813               0.0.0.0:*        users:(("freeradius",pid=10902,fd=9))
    

Router configuration

    conf t
    aaa new-model
    !
    !
    aaa group server radius AAA
     server-private 192.168.1.10 auth-port 1812 acct-port 1813 key secretkey
    !
    aaa authentication login default group AAA
    aaa authorization exec default group AAA
    aaa accounting exec default start-stop group AAA
    aaa accounting system default start-stop group AAA
    !
    line vty 0 4
     transport input telnet ssh
     login authentication default
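
The sketch below is an added example, not part of the original lab. It shows how the shared secret `secretkey` and the reply items from the users entry appear on the wire: the router hides the password with the secret, and the server's Access-Accept carries `Service-Type` and `Cisco-AVPair` under an authenticator computed with the same secret. Function names are hypothetical, the exchange is constructed offline, and the all-zero Request Authenticator is a placeholder for the 16 random bytes a real NAS sends.

```python
import hashlib
import hmac
import struct

SECRET = b"secretkey"  # shared secret from clients.conf and the router's server-private line

def attr(attr_type, value):  # one attribute: type, length, value
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def access_request(user, password, secret, ident, req_auth):
    """What the router sends to UDP 1812: User-Name (1) and hidden User-Password (2)."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, req_auth, secret):
    """Constructed server reply carrying the two reply items from the users entry."""
    attrs = attr(6, struct.pack("!I", 7))  # Service-Type = NAS-Prompt-User (7)
    attrs += attr(26, struct.pack("!I", 9) + attr(1, b"shell:priv-lvl=15"))  # Cisco (9) AVPair (1)
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def verify_reply(reply, req_auth, secret):
    """Response Authenticator = MD5(code, id, length, request auth, attributes, secret)."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def cisco_avpairs(reply):  # every Cisco-AVPair string in the reply's attributes
    pairs, pos = [], 20
    while pos + 2 <= len(reply) and reply[pos + 1] >= 2:
        attr_type, length = reply[pos], reply[pos + 1]
        value = reply[pos + 2:pos + length]
        if attr_type == 26 and value[:4] == struct.pack("!I", 9) and value[4:5] == b"\x01":
            pairs.append(value[6:].decode())
        pos += length
    return pairs

if __name__ == "__main__":
    reply = access_accept(1, bytes(16), SECRET)  # constructed exchange, all-zero authenticator
    print(verify_reply(reply, bytes(16), SECRET), verify_reply(reply, bytes(16), b"wrong"), cisco_avpairs(reply))
```

A reply whose authenticator does not verify under the configured secret is discarded by the router, which is why the `secret` in clients.conf and the `key` on the `server-private` line must match exactly.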

Client test

    C:\Users\Administrator>telnet 192.168.1.1
    User Access Verification
    Username: cisco
    Password: 
    R1#conf  t