免费 radius软件实现 设备 AAA管理
1、在网上下载一个freeradius for win,并安装完毕 2、在freeradius上配置 C:\freeradius\etc\raddb下先改动clients.conf,users.conf 在clients.conf添加cisco设备IP地址和相关key client 10.6.6.0/24 { # #secret and password are mapped through the "secrets" file. secret = key4cisco shortname = ciscoap1240ag # # the following three fields are optional, but may be used by # # checkrad.pl for simultaneous usage checks nastype = cisco # login = !root # password = someadminpas } 在users.conf中添加设备需要的管理员和一般用户 radiusadmin Auth-Type := Local, Cleartext-Password := "radiusadmin" Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15" radiususer Auth-Type := Local, Cleartext-Password := "radiususer" Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=1" 在freeradius命令行下用freeradius.exe –X ../etc/raddb调试freeradius的启动 直到出现以下信息才算正常 Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. 最后在cisco设备上配置如下 enable secret password-for-con-login aaa new-model aaa authentication login default group radiuslocal 创建缺省的认证,先radius认证,radius服务器无效的情况下再本地认证,注意radius认证失败不会本地认证 aaa authentication login con0login none 指定控制口登陆不要radius认证 aaa authorization exec defaultgroup radius local aaa authorization network default group radius local aaa accounting delay-start aaa accounting exec defaultstart-stop group radius aaa accounting network defaultstart-stop group radius username admin-password-for-localloginpassword password-for-locallogin 设定本地认证,radius无效的情况下使用 p radius source-interface interface-for-radius 设定radius认证 地址,必须与client.conf相同 radius-server host 10.6.6.247auth-port 1812acct-port 1813 key password-for-radius 设定radius认证信息,必须与client.conf相同 line con 0 login authentication con0login 设定认证方式 line vty 5 15 login authentication default 然后就可以使用radius来做网管管理了 |
4万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
