Successfully pass the free certification exam at IW Academy and become an Infinet Certified Engineer.
This is an example to help you to set up the RADIUS authentication (CentOS+FreeRADIUS) for admin users on R5000 devices.
Step 1
Add the R5000 client devices you want to authenticate at FreeRADIUS server to /etc/raddb/clients.conf.
client MASTER{
ipaddr=1.1.10.1
secret=pass
}
NOTE
/etc/raddb/clients.conf contains a list of devices that can query the FreeRADIUS server for AAA requests.
Step 2
Add users to /etc/raddb/users.
login Cleartext-Password:="password"
- "login" - any user login
- "password" - any user password.
Step 3
Set up your devices:
- Set up local login and password (you can choose any login and password you like).
sys user login sys password pass
- Enable AAA authentication.
sys useAAA
- Specify IP-address and password. Use actual address of your RADIUS server instead of "10.10.10.128".
- Instead of "pass" use actual password you have specified on step 1.
aaa -auth=10.10.10.128,pass start
- Save configuration.
co sa
Step 4
Make sure your R5000 devices and RADIUS server have full IP connectivity (devices can ping RADIUS server address and vice versa) and no firewalls are enabled between RADIUS server and R5000 devices.
We also recommend disabling FreeRADIUS server firewall.
sudo systemctl stop firewalld
Step 5
Start FreeRADIUS server in debug mode.
sudo radiusd –X
Step 6
Try to login to R5000 device via Web interface or Telnet using login and password you have specified on step 2. If configuration is correct you will be able to access the device management and see the FreeRADIUS server output similar to the following:
