How to Set Up IAS to Use Radius to Authenticate a Cisco Device

Posted July 1, 2006 by CCIE14019 in Cisco networking

This tech-recipe shows how to configure IAS for Cisco equipment using level 15 and also level 2. Thus, the information applies both to tech users and administrative users, depending on which OU applies to you.


====================
= IAS Radius SETUP =
====================

-Before you begin, make sure the machines are joined to the domain.

-Set up IAS.
-Launch IAS.
-Select radius clients.
-Right-click add.
-Add friendly name [sitename + subnet].
-Add [subnet/20] for ip address.
-Next, choose RADIUS Standard, and enter the shared secret. Click Finish.
-Right-click on Internet Authentication Service (Local), and register the server in Active Directory. Click OK and OK.
-Select remote access policy.
-In the right window pane, rename the policies as follows:
-Rename one policy to Radius Policy Level 1
-Rename the other policy to Radius Policy Level 15

For Radius Policy Level 1
-Go to properties of Radius Policy Level 1.
-Remove anything in the window.
-Add Windows-Group.
-Add switch users 1 under gaming domain. Click OK and OK.
-Click on grant remote access privileges and click apply.
-Click edit profile.
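-At the Authentication tab, check only Unencrypted authentication (PAP, SPAP). With PAP, the user's password is protected on the wire only by the RADIUS shared secret.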
-At the Advanced tab, remove the one named Framed-Protocol.
-Edit Service-type, and change to LOGIN. Click OK.
-Add Vendor-Specific, and click Add.
-Click Add, change the vendor to Cisco, select "Yes. It conforms", and configure the attribute:
-Attribute number 1, format String, value shell:priv-lvl=1. Click OK, OK, OK, and Close.

For Radius Policy Level 15
-Go to properties of Radius Policy Level 15.
-Remove anything in the window.
-Add Windows-Group.
-Add switch users 15 under gaming domain. Click OK and OK.
-Click on grant remote access privileges, and click apply.
-Click edit profile.
-Under the Authentication tab, check only Unencrypted authentication (PAP, SPAP).
-Under the advanced tab, remove the one named Framed-Protocol.
-Edit Service-type, and change to LOGIN. Then click OK.
-Add Vendor-Specific, and click Add.
-Click Add, change the vendor to Cisco, select "Yes. It conforms", and then configure the attribute:
-Attribute number 1, format String, value shell:priv-lvl=15. Click OK, OK, OK, and Close.
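
To confirm from a packet capture that each policy returns the intended privilege level, this added example (not part of the original recipe) encodes and parses the reply attributes configured above: Service-Type, Framed-Protocol, and the Cisco vendor-specific attribute number 1. The function names and sample bytes are constructed for illustration; the input is assumed to be the attribute portion of an Access-Accept, after the 20-byte RADIUS header.

```python
import struct

CISCO_VENDOR_ID = 9      # IANA enterprise number for Cisco
SERVICE_TYPE = 6         # RFC 2865 Service-Type (value 1 = Login)
FRAMED_PROTOCOL = 7      # RFC 2865 Framed-Protocol (the recipe removes it)
VENDOR_SPECIFIC = 26     # RFC 2865 Vendor-Specific
PREFIX = "shell:priv-lvl="


def build_cisco_avpair(value):
    """Encode vendor Cisco, vendor-assigned attribute number 1, string."""
    data = value.encode("ascii")
    sub = bytes([1, len(data) + 2]) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def parse_attributes(blob):
    """Yield (type, value) pairs from a RADIUS attribute list."""
    i = 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        yield blob[i], blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]


def check_reply(blob):
    """Report the fields the policy profile is expected to control."""
    found = {"service_type": None, "priv_lvl": None, "framed_protocol": False}
    for atype, value in parse_attributes(blob):
        if atype == SERVICE_TYPE and len(value) == 4:
            found["service_type"] = struct.unpack("!I", value)[0]
        elif atype == FRAMED_PROTOCOL:
            found["framed_protocol"] = True
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            text = value[6:4 + vlen].decode("ascii", "replace")
            level = text[len(PREFIX):] if text.startswith(PREFIX) else ""
            if vendor == CISCO_VENDOR_ID and vtype == 1 and level.isdigit():
                found["priv_lvl"] = int(level)
    return found


# Constructed sample: attributes of an Access-Accept for the Level 15 policy.
SAMPLE_LEVEL_15 = (bytes([SERVICE_TYPE, 6]) + struct.pack("!I", 1)
                   + build_cisco_avpair("shell:priv-lvl=15"))

if __name__ == "__main__":
    print(check_reply(SAMPLE_LEVEL_15))
```

A reply for a member of the level 1 group that shows priv_lvl 15, or one that still carries Framed-Protocol, means the request matched the wrong policy or the profile was not edited as described.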
