FreeRADIUS + Cisco: user authentication based on 802.1X
Original work
© Copyright belongs to the author: an original post by 51CTO blog author Mr_怀旭. Contact the author for permission before reposting; otherwise legal action will be taken.
This lab was built entirely in the GNS3 emulator. The Cisco side is a C3640 router and the server side runs Debian 10.
Router:192.168.1.1/24
Debian:192.168.1.10/24
Client:192.168.1.100/24
Server configuration
1. Install FreeRADIUS
apt-get install freeradius
2. Append an authentication client (the router) to the end of /etc/freeradius/3.0/clients.conf
client 192.168.1.1 {
secret = secretkey
nastype = cisco
shortname = router
}
3. Add a user at the end of /etc/freeradius/3.0/users
# user name cisco, password cisco
cisco Cleartext-Password := "cisco"
        Service-Type = NAS-Prompt-User,
        # the user's shell privilege level is 15
        Cisco-AVPair = "shell:priv-lvl=15"
4. Restart the service and check the listening ports
systemctl restart freeradius.service
ss -ntlup
udp UNCONN 0 0 0.0.0.0:1812 0.0.0.0:* users:(("freeradius",pid=10902,fd=8))
udp UNCONN 0 0 0.0.0.0:1813 0.0.0.0:* users:(("freeradius",pid=10902,fd=9))
Router configuration
conf t
aaa new-model
!
!
aaa group server radius AAA
server-private 192.168.1.10 auth-port 1812 acct-port 1813 key secretkey
!
aaa authentication login default group AAA
aaa authorization exec default group AAA
aaa accounting commands 15 default start-stop group AAA
aaa accounting exec default start-stop group AAA
aaa accounting system default start-stop group AAA
!
line vty 0 4
transport input telnet ssh
login authentication default
Client test
C:\Users\Administrator>telnet 192.168.1.1
User Access Verification
Username: cisco
Password:
R1#conf t
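What happens on the wire when the telnet login above succeeds is a single RADIUS Access-Request / Access-Accept exchange between the router (the NAS) and FreeRADIUS. The following is an added example, not code from the post, FreeRADIUS or Cisco IOS: it models that exchange per RFC 2865, using the constructed values from this page (client 192.168.1.1 with secret "secretkey", user cisco/cisco, reply attributes Service-Type = NAS-Prompt-User and Cisco-AVPair "shell:priv-lvl=15" as a vendor-specific attribute). It shows the two things the shared secret in clients.conf actually protects: the PAP password is only hidden by MD5(secret + authenticator) XOR, and the Response Authenticator is the only integrity check the NAS has on the reply, so a mismatched or weak secret breaks both. Packet layout and attribute numbers follow the RFC; the in-memory CLIENTS and USERS tables are stand-ins for clients.conf and users.

```python
"""Minimal RFC 2865 PAP exchange modelled on the FreeRADIUS/Cisco setup above.
Added example; not FreeRADIUS or Cisco code."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE, VENDOR_SPECIFIC = 1, 2, 4, 6, 26
NAS_PROMPT_USER = 7          # Service-Type value for NAS-Prompt-User
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1

# Constructed stand-ins for clients.conf and the users file on this page.
CLIENTS = {"192.168.1.1": b"secretkey"}
USERS = {"cisco": "cisco"}


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def avp(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_avps(data: bytes) -> list:
    avps, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        avps.append((t, data[i + 2:i + length]))
        i += length
    return avps


def nas_build_request(username: str, password: str, secret: bytes, ident: int = 1):
    """Router side: Access-Request with a fresh random Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = avp(USER_NAME, username.encode())
    attrs += avp(USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
    attrs += avp(NAS_IP_ADDRESS, bytes([192, 168, 1, 1]))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth


def server_handle(pkt: bytes, src_ip: str):
    """Server side: unknown clients are dropped silently, as FreeRADIUS does."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return None
    _, ident, length = struct.unpack("!BBH", pkt[:4])
    req_auth = pkt[4:20]
    attrs = dict(parse_avps(pkt[20:length]))
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], secret, req_auth)
    if user in USERS and password == USERS[user].encode():
        reply = avp(SERVICE_TYPE, struct.pack("!I", NAS_PROMPT_USER))
        vsa = struct.pack("!I", CISCO_VENDOR_ID) + avp(CISCO_AVPAIR, b"shell:priv-lvl=15")
        reply += avp(VENDOR_SPECIFIC, vsa)
        code = ACCESS_ACCEPT
    else:
        reply, code = b"", ACCESS_REJECT
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    head = struct.pack("!BBH", code, ident, 20 + len(reply))
    return head + hashlib.md5(head + req_auth + reply + secret).digest() + reply


def nas_verify_response(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Router side: recompute the Response Authenticator before trusting the reply."""
    head, got, attrs = resp[:4], resp[4:20], resp[20:]
    return hashlib.md5(head + req_auth + attrs + secret).digest() == got


def login(username: str, password: str, nas_secret: bytes = b"secretkey"):
    """One full exchange: returns (reply code, Cisco-AVPair text or None, authenticator ok)."""
    req, req_auth = nas_build_request(username, password, nas_secret)
    resp = server_handle(req, "192.168.1.1")
    ok = nas_verify_response(resp, req_auth, nas_secret)
    avpair = None
    for t, v in parse_avps(resp[20:]):
        if t == VENDOR_SPECIFIC and struct.unpack("!I", v[:4])[0] == CISCO_VENDOR_ID:
            avpair = dict(parse_avps(v[4:]))[CISCO_AVPAIR].decode()
    return resp[0], avpair, ok


if __name__ == "__main__":
    print(login("cisco", "cisco"))                 # (2, 'shell:priv-lvl=15', True)
    print(login("cisco", "cisco", b"badsecret"))   # (3, None, False): secret mismatch
```

Running login("cisco", "cisco") returns an Access-Accept carrying the priv-lvl=15 AVPair, which is exactly what lets the telnet session above land at R1# rather than R1>. The mismatched-secret case shows the failure mode you see in practice as "Received packet from ... with invalid Message-Authenticator" or a plain Access-Reject: the server decodes the password wrongly, rejects the user, and the NAS cannot even validate the reply it gets back.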