Radius configuration on Cisco Firewall-ASA

Step 1:Configure the RADIUS server on the Cisco ASA firewall.

To configure the RADIUS server on the Cisco ASA firewall, use the following commands:

hostname(config)# radius-server host <ip-address>
hostname(config)# radius-server key <key>

Replace <ip-address> with the IP address of the RADIUS server, and <key> with the shared secret key for RADIUS authentication.

Step 2:Configure the RADIUS server group.

To configure the RADIUS server group on the Cisco ASA firewall, use the following command:

hostname(config)# aaa-server <group-name> protocol radius

Replace <group-name> with the name of the RADIUS server group.

Step 3:Configure the authentication method for the RADIUS server group.

To configure the authentication method for the RADIUS server group on the Cisco ASA firewall, use the following command:

hostname(config)# aaa-server <group-name> (inside) host <ip-address> <key> timeout <timeout-value>

Replace <group-name> with the name of the RADIUS server group, <ip-address> with the IP address of the RADIUS server, <key> with the shared secret key for RADIUS authentication, and <timeout-value> with the timeout value for RADIUS authentication.

Step 4:Configure the user authentication method.

To configure the user authentication method on the Cisco ASA firewall, use the following command:

hostname(config)# aaa authentication login <auth-method> <group-name> local

Replace <auth-method> with the authentication method name, and <group-name> with the name of the RADIUS server group.

Step 5:Configure the user authorization method.

To configure the user authorization method on the Cisco ASA firewall, use the following command:

hostname(config)# aaa authorization exec <auth-method> <group-name> if-authenticated

Replace <auth-method> with the authorization method name, and <group-name> with the name of the RADIUS server group.

Step 6:Verify the RADIUS configuration.

To verify the RADIUS configuration on the Cisco ASA firewall, use the following command:

hostname# show aaa-server group <group-name> server-hosts

Replace <group-name> with the name of the RADIUS server group.