How to setup IAS to use radius to authenticate Cisco device

Home -> Networking -> Cisco

From the computer of: CCIE14019 (2 recipes)
Created: Jul 01, 2006

Add to:

This recipe shows how to configure IAS for Cisco equiptment using level 15 and also level 2 so you can have tech users and admn users, depending on which OU you're in.

====================
= IAS Radius SETUP =
====================


-Make sure machines are on domain

-setup IAS
-launch IAS
-select radius clients
-right click, add
-add friendly name [sitename + subnet]
-add [subnet/20] for ip address, next
-choose Radius Standard and enter shared secret, finish
-right click on IAS service local, register server in AD, OK, OK
-select remote access policy
-in the right window pane
-rename to Radius Policy Level 1
-rename to Radius Policy Level 15
-go properties of Radius Policy Level 1
-remove anything in window
-add Windows-Group
-add, "switch users 1" under gaming domain, OK, OK
-click on "grant remote access privleges", apply
-click edit profile
-authentication tab
-check only unencryped authentication
-advanced tab
-remove the one that says Framed-Protocol
-edit Service-type and change to LOGIN, OK
-add vendor-specific, add
-add, change to CISCO, yes it conforms, configure attributes
-1, string, shell:priv-lvl=1, ok, ok, ok, close
-go properties of Radius Policy Level 15
-remove anynthing in window
-add Windows-Group
-add, "switch users 15" under gaming domain, OK, OK
-click on "grant remote access privleges", apply
-click edit profile
-authentication tab
-check only unencryped authentication
-advanced tab
-remove the one that says Framed-Protocol
-edit Service-type and change to LOGIN, OK
-add vendor-specific, add
-add, change to CISCO, yes it conforms, configure attributes
-1, string, shell:priv-lvl=15, ok, ok, ok, close