Yay... If you have multiple devices from multiple vendors, Radius is a nice way to get them to talk together. This is how I got Radius working with my Cisco router.
1. Install IAS from add/remove programs
2. Launch IAS, create a new "Radius Client".
Friendly name can be whatever you want, I chose the name of my router.
IP is the device you want to connect to IP address.
2. Launch IAS, create a new "Radius Client".
Friendly name can be whatever you want, I chose the name of my router.
IP is the device you want to connect to IP address.
Set the shared secret (something good, no less than 6 characters, 16 would be best, no spaces, dashes are ok)
3. Create a "Remote Access Policy".
3. Create a "Remote Access Policy".
I use the wizard one, seemed simple enough. For the policy name i just chose what i was connecting to. Ethernet; Group, added a new group in AD called "Network Admins". Chose MD5 (will change later); Finish.
4. Edit your new policy (properties), remove NAS-Port-Type and put in "NAS-IP-Address"; then put in the ip of your device.
5. Edit Profile; Authentication Tab, select PAP. Under EAP methods, remove MD5.
6. Advanced Tab; add Cisco-AV-Pair; Add "shell:priv-lvl=15" under Attribute value.
Now for the Cisco Part; what got me interested was tightening security on my router, so parts are from (Here)
aaa new-model
aaa authentication login default group radius local-case
aaa authentication enable default group radius enable
aaa authorization commands 15 default group radius local
aaa accounting exec default stop-only group radius
aaa accounting commands 15 default stop-only group radius
aaa accounting network default stop-only group radius
radius-server host 0.0.0.0 <--change this to your Radius Server IP
radius-server key password <-- change this to the shared secret you set up on the Radius Server
Identifier "Configured Video Device"
Driver "intel"
EndSection
to
Section "Device"
Identifier "Configured Video Device"
Driver "intel"
Option "ForceEnablePipeA" "true"
EndSection