1. Goals
□ Set up FreeRADIUS on CentOS Stream 9 to carry out Cisco equipment authentication
□ Carry out dot1x authentication on all ports of the switch
□ Carry out authentication by connecting a laptop to the switch
CentOS (203.230.7.2) – Cisco 2960 Switch (203.230.7.254) – Cisco 2800 Series Router (gig0/0: 203.230.7.1, gig0/1: 203.230.8.1) – Windows 10 PC (203.230.8.2)
2. Current status and issues
□ Completed Cisco equipment authentication after finishing the FreeRADIUS installation on CentOS
□ Completed dot1x authentication on all ports of the switch
- Completed ping test from the switch to CentOS and the router
□ Authentication failed when performing authentication by connecting a laptop to the switch
3. FreeRADIUS Settings
□ /etc/raddb/clients.conf
client router {
ipaddr = 203.230.7.1
secret = mycisco
shortname = router
}
client switch {
ipaddr = 203.230.7.254
secret = mycisco
shortname = switch
}
client laptop {
ipaddr = 203.230.7.4
secret = mycisco
shortname = laptop
}
□ /etc/raddb/users
test Cleartext-Password := "test"
□ Firewall Settings
sudo firewall-cmd --add-port=1812/udp --permanent
sudo firewall-cmd --add-port=1813/udp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
□ SELinux Settings
sudo semanage port -a -t radius_port_t -p udp 1812
sudo semanage port -a -t radius_port_t -p udp 1813
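Added example (not part of the original post, and not FreeRADIUS code): a small Python model of what the server does with an incoming request, using the post's shared secret `mycisco` and the `test`/`test` entry from the users file. It parses clients.conf-style text (the router and switch entries above, reconstructed inline so the script runs offline) to pick the secret by the request's source address, encodes and decodes a PAP User-Password as RFC 2865 section 5.2 specifies, and checks the Response Authenticator on an Access-Accept. Two failure modes are worth seeing in code: a request from an address with no client block gets no reply at all, and a secret mismatch produces an unreadable password rather than an explicit error. For 802.1X the switch is the RADIUS client (NAS) on the laptop's behalf, so requests for the laptop arrive from the switch's address and carry EAP-Message attributes instead of User-Password; the PAP form below is what a local `radtest` check exercises. The hypothetical `CLIENTS_CONF` text and the fixed authenticator in the usage block are constructed values.

```python
"""RFC 2865 PAP Access-Request model with clients.conf secret lookup."""
import hashlib
import os
import struct

# clients.conf entries from the post, constructed inline for an offline run
CLIENTS_CONF = """
client router {
    ipaddr = 203.230.7.1
    secret = mycisco
    shortname = router
}
client switch {
    ipaddr = 203.230.7.254
    secret = mycisco
    shortname = switch
}
"""


def parse_clients(text):
    """Return {ipaddr: secret_bytes} for each 'client NAME { ... }' block."""
    clients, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("client ") and line.endswith("{"):
            current = {}
        elif line == "}" and current is not None:
            clients[current["ipaddr"]] = current["secret"].encode()
            current = None
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return clients


def encode_password(password, secret, authenticator):
    """Pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    padded = password.encode() + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block                                  # chain on the ciphertext block
    return out


def decode_password(cipher, secret, authenticator):
    """Inverse of encode_password; a wrong secret yields garbage, not an error."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(cipher[i:i + 16], key))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00").decode("utf-8", "replace")


def build_access_request(username, password, secret, authenticator=None, ident=1):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)  # Request Authenticator
    attrs = b""
    for typ, value in ((1, username.encode()),
                       (2, encode_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", typ, len(value) + 2) + value
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attributes(packet):
    """Return [(type, value), ...] from the TLV area after the 20-byte header."""
    attrs, pos = [], 20
    while pos + 2 <= len(packet):
        typ, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("bad attribute length")
        attrs.append((typ, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def server_view(packet, src_ip, clients):
    """Server side: choose the secret by source IP, then recover the password.
    Returns None when no client block matches (the server sends no reply)."""
    secret = clients.get(src_ip)
    if secret is None:
        return None
    fields = dict(parse_attributes(packet))
    return fields[1].decode(), decode_password(fields[2], secret, packet[4:20])


def build_access_accept(request, secret, ident):
    """Access-Accept (code 2) with no attributes; Response Authenticator =
    MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", 2, ident, 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def response_is_authentic(response, request, secret):
    """NAS side: recompute the Response Authenticator with its own secret."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return expected == response[4:20]


if __name__ == "__main__":
    clients = parse_clients(CLIENTS_CONF)
    auth = bytes(range(16))                           # constructed, fixed for the demo
    req = build_access_request("test", "test", b"mycisco", auth)
    print("from switch:", server_view(req, "203.230.7.254", clients))
    print("from PC    :", server_view(req, "203.230.8.2", clients))
    acc = build_access_accept(req, b"mycisco", 1)
    print("accept verifies with right secret:", response_is_authentic(acc, req, b"mycisco"))
    print("accept verifies with wrong secret:", response_is_authentic(acc, req, b"wrong"))
```

Running it shows the request from 203.230.7.254 decoding to `('test', 'test')`, the same packet from 203.230.8.2 returning `None` (no client block, so a real server stays silent and the NAS times out), and the Accept verifying only under the secret the NAS was configured with.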
4. Router Settings
username admin privilege 15 password 0 cisco123
int gig0/0
ip add 203.230.7.1 255.255.255.0
no sh
exit
int gig0/1
ip add 203.230.8.1 255.255.255.0
no sh
exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
test aaa group radius testuser testpassword legacy
5. Switch Settings
username admin privilege 15 password 0 cisco123
vlan 1
name Authenticated
exit
vlan 100
name Unauthenticated
exit
int vlan 1
ip add 203.230.7.254 255.255.255.0
no sh
exit
aaa new-model
radius-server host 203.230.7.2 auth-port 1812 acct-port 1813 key mycisco
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
aaa authorization community default group radius
aaa authentication dot1x default group radius
dot1x system-auth-control
int range fa0/1-24
switchport mode access
switchport access vlan 1
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-req 3
exit
int range fa0/1-4
dot1x port-control force-authorized
exit
int range fa0/5-24
dot1x guest-vlan 100
authentication event fail action authorize vlan 100
authentication event no-response action authorize vlan 100
authentication host-mode multi-auth