Too Many Passwords? NPS/RADIUS on Windows Server 2008

I had a requirement to add Network Policy Services to allow Active Directory Authentication on Cisco devices:

Network Policy Server Setup for AD:

  • Create AD global security group in domain.
  • Install NPS components from the Roles console in Windows Server 2008.
  • Install Network Policy Server.
  • Install Routing and Remote Access Service.
    • Install Remote Access Service component.
    • Install Routing component.
  • Launch NPS Console.
  • Add Remote Access Clients (RADIUS Clients and Servers > RADIUS Clients > New):
    • Friendly Name: Router1
    • IP Address:
    • Shared Secret: CiscoRocks
    • Advanced > Vendor: Cisco
  • Add remote access policy (Policies > Network Policies > New):
    • Name: CiscoAuth
    • Access Permission: Granted
    • Conditions: Add > Windows Groups > cisco.admin
    • Constraints: Authentication > Unencrypted Authentication PAP, SPAP
    • Idle Timeout: 10 minutes
    • Settings:
      • Service-Type = Login
      • Framed-Protocol = PPP

RADIUS Setup for Cisco Device:

  • Configure local user.
  • Configure SSH.
  • Configure Loopback.
  • aaa new-model
  • radius-server host auth-port 1645 acct-port 1646 key CiscoRocks
  • aaa authentication login AUTH group radius group ADRADIUS local
  • ip radius source-interface Loopback0
  • aaa group server radius ADRADIUS
  • server
  • line vty 0 4
  • login authentication AUTH
  • Allow 1723 & GRE in any ACLs between hosts.

Debug Commands:

debug aaa authentication
debug radius authentication
term mon
