Radius Configuration On Router and Server

How to configure RADIUS quickly and simply on the router and on a server.
First I explain the installation and configuration on a server.
Installation Internet Authentication Service

  1. First you install radius on the server.
  2. Click on Add/Remove Windows Components
  3. Click on Network Services ( Details )
  4. Check the box in front of “Internet Authentication Service” and click OK
  5. Click on Next
  6. Click on Finish

Active Directory Changes

  1. Make a Security Group
  2. Call it Radius ( Group scope “GLOBAL” & Group type “SECURITY” )
  3. Click on Next
  4. A mailbox is not necessary; click on Next
  5. Click on Finish
  6. Right-click the group Radius and choose Properties
  7. Add the members who can access the VPN ( include the Administrator as well )

Internet Authentication Service

  1. Go to Radius Clients
  2. Add New RADIUS Client
  3. Give a Friendly Name and their IP Address
  4. For Client-Vendor you can choose Standard or Cisco
  5. Shared Secret key:( for example: H0m3RS1mps0n )
  6. Go to Remote Access Policies
  7. Remove all policies which are available
  8. Create a New Remote Access Policy
  9. Click on Next
  10. “Use the Wizard to set up a typical policy for a common scenario”
  11. Policy Name: VPN
  12. Click on Next
  13. Choose VPN and click on Next
  14. Choose for Group and click on Add
  15. Check the Group ( Radius ) you want to grant access and click on OK
  16. Click on Next
  17. Check all boxes EAP / MS-CHAPv2 and MS-CHAP and click on Next
  18. Check all boxes basic / strong / strongest
  19. Click on Finish
  20. Click on the policy Properties
  21. Click on Edit Profile
  22. At Authentication, check CHAP and PAP, SPAP
  23. Click on Apply and OK
  24. If you get a warning of a Help file click NO
  25. Click on OK

On the router you have to do some configuration too.
Go to enable mode
configure terminal
aaa new-model
!
!
Keep local login to the router to avoid login problems when you have to change something. Split local and RADIUS from the default group.
aaa authentication login default local
Command for the RADIUS group:
aaa authentication login CVPN group radius
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
The 2 bold lines are associated with the Radius group in AAA
crypto isakmp profile CIP_CVPN_CLIENT
match identity group <Companyname>-VPN
client authentication list CVPN
isakmp authorization list CVPN
client configuration address respond
radius-server host < server ip > auth-port 1645 acct-port 1646 key < example key H0m3RS1mps0n >
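
What the shared secret entered on both sides does on the wire, as an added example that is not part of the original post and not Cisco or Microsoft code: a Python model of RFC 2865 User-Password hiding (used when PAP is allowed) and of the Response Authenticator check. The function names and the user `alice` are constructed for illustration; the key is the post's example value.

```python
import hashlib, hmac, os, struct

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value           # type, length, value
def _xor_blocks(data, secret, request_auth, hiding):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block)
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = res if hiding else block
        out += res
    return out

def hide_password(password, secret, request_auth):         # router side
    size = max(16, -(-len(password) // 16) * 16)           # NUL-pad to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\x00"), secret, request_auth, True)
def unhide_password(hidden, secret, request_auth):         # server side
    return _xor_blocks(hidden, secret, request_auth, False).rstrip(b"\x00")

def access_request(ident, user, password, secret):
    request_auth = os.urandom(16)                          # fresh Request Authenticator
    attrs = _attr(1, user) + _attr(2, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def parse_attrs(packet):
    attrs, i = {}, 20                                      # attributes follow the 20-byte header
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def server_reply(request, secret, users):
    attrs = parse_attrs(request)
    given = unhide_password(attrs[2], secret, request[4:20])
    ok = hmac.compare_digest(given, users.get(attrs[1], b"\x00"))
    head = struct.pack("!BBH", 2 if ok else 3, request[1], 20)   # 2 Accept, 3 Reject
    return head + hashlib.md5(head + request[4:20] + secret).digest()
def reply_is_authentic(reply, request, secret):            # router checks the reply
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret = b"H0m3RS1mps0n"                               # example key from the post
    users = {b"alice": b"constructed-password"}            # constructed account
    req = access_request(1, b"alice", users[b"alice"], secret)
    for name, server_key in (("matching", secret), ("mismatched", b"typo")):
        rep = server_reply(req, server_key, users)
        print(name, "code", rep[0], "authentic", reply_is_authentic(rep, req, secret))
```

In this model a mismatched key makes the password decode to garbage and the reply fail the router's authenticator check, so a typo in the secret on either side shows up as failed logins.
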
Test the VPN connection to check that you can log on to the network.
Test Telnet by connecting to the router with the local name you entered in the router.
If you have any problems, say so, and I hope I’m able to help you out with the problem.
Update: I’ve made a new post that includes pictures for the server side of the RADIUS configuration: http://glazenbakje.wordpress.com/2012/08/09/windows-server-2008-r2-radius-installation-for-cisco-devices/
