1. Goals
□ Set up FreeRADIUS on CentOS (Stream 9) to authenticate Cisco devices.
□ Verify dot1x on all switch ports.
□ Verify by connecting the laptop to the switch.
CentOS (203.230.7.2) – Cisco 2960 switch (203.230.7.254) – Cisco 2800 Series router (gig0/0: 203.230.7.1, gig0/1: 203.230.8.1) – Windows 320.
2. Current status and issues
□ Completed authentication of Cisco devices after finishing the FreeRADIUS setup on CentOS
□ dot1x authentication completed on all switch ports.
- Completed ping test from the switch to CentOS and the router.
□ Authentication failed when authenticating by connecting the laptop to the switch
3. FreeRADIUS settings
□ /etc/raddb/clients.conf
client router {
    ipaddr = 203.230.7.1
    secret = mycisco
    shortname = router
}
client switch {
    ipaddr = 203.230.7.254
    secret = mycisco
    shortname = switch
}
client laptop {
    ipaddr = 203.230.7.4
    secret = mycisco
    shortname = laptop
}
□ /etc/raddb/users
test Cleartext-Password := "test"
□ Firewall setting
sudo firewall-cmd --add-port=1812/udp --permanent
sudo firewall-cmd --add-port=1813/udp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
□ SELinux setting
sudo semanage port -a -t radius_port_t -p udp 1812
sudo semanage port -a -t radius_port_t -p udp 1813
4. Router configuration
username admin privilege 15 password 0 cisco123
int gig0/0
 ip add 203.230.7.1 255.255.255.0
 no sh
 exit
int gig0/1
 ip add 203.230.8.1 255.255.255.0
 no sh
 exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
test aaa group radius testuser test password legacy
5. Switch settings
username admin privilege 15 password 0 cisco123
vlan 1
 name verified
 exit
vlan 100
 name Unverified
 exit
int vlan 1
 ip add 203.230.7.254 255.255.255.0
 no sh
 exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
aaa authorization network default group radius
aaa authentication dot1x default group radius
dot1x system-auth-control
int range fa0/1-24
 switchport mode access
 switchport access vlan 1
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout tx-period 5
 dot1x max-req 3
 exit
int range fa0/1-4
 dot1x port-control force-authorized
 exit
int range fa0/5-24
 dot1x guest-vlan 100
 authentication event fail action authorize vlan 100
 authentication event no-response action authorize vlan 100
 authentication host-mode multi-auth
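
A consistency check for the settings above, added here as an example and not part of the original post: it parses clients.conf text and confirms that each Cisco device has a client block whose secret matches the key on its radius-server host line. The DEVICES inventory, the function names and the two-client sample (the router and switch entries from this post) are assumptions constructed for the example.

```python
import re

# Constructed sample: the router and switch client blocks shown in this post.
CLIENTS_CONF = """
client router {
    ipaddr = 203.230.7.1
    secret = mycisco
    shortname = router
}
client switch {
    ipaddr = 203.230.7.254
    secret = mycisco
    shortname = switch
}
"""

# Hypothetical inventory: NAS source IP -> its running-config RADIUS line.
LINE = "radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco"
DEVICES = {"203.230.7.1": LINE, "203.230.7.254": LINE}

def parse_clients(text):
    """Return {ipaddr: secret} for every client block in clients.conf text."""
    clients = {}
    for _name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        fields = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
        clients[fields.get("ipaddr")] = fields.get("secret")
    return clients

def check(clients_text, devices, server_ip="203.230.7.2", auth_port="1812"):
    """List mismatches between FreeRADIUS clients and Cisco server lines."""
    clients, problems = parse_clients(clients_text), []
    for nas_ip, line in devices.items():
        m = re.search(r"host (\S+) auth-port (\d+) acct-port \d+ key (\S+)", line)
        if not m:
            problems.append(f"{nas_ip}: no parsable radius-server host line")
            continue
        host, port, key = m.groups()
        if host != server_ip or port != auth_port:
            problems.append(f"{nas_ip}: points at {host}:{port}")
        if nas_ip not in clients:
            problems.append(f"{nas_ip}: no client block in clients.conf")
        elif clients[nas_ip] != key:
            problems.append(f"{nas_ip}: shared secret differs from clients.conf")
    return problems

if __name__ == "__main__":
    print(check(CLIENTS_CONF, DEVICES) or "clients.conf and device configs agree")
```

The check reports only which device disagrees and never prints the secret itself, so its output can be pasted into a ticket.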