Step 1:Configure the RADIUS server on the Cisco ASA firewall.
To configure the RADIUS server on the Cisco ASA firewall, use the following commands:
hostname(config)# radius-server host <ip-address>
hostname(config)# radius-server key <key>
Replace <ip-address>
with the IP address of the RADIUS server, and <key>
with the shared secret key for RADIUS authentication.
Step 2:Configure the RADIUS server group.
To configure the RADIUS server group on the Cisco ASA firewall, use the following command:
hostname(config)# aaa-server <group-name> protocol radius
Replace <group-name>
with the name of the RADIUS server group.
Step 3:Configure the authentication method for the RADIUS server group.
To configure the authentication method for the RADIUS server group on the Cisco ASA firewall, use the following command:
hostname(config)# aaa-server <group-name> (inside) host <ip-address> <key> timeout <timeout-value>
Replace <group-name>
with the name of the RADIUS server group, <ip-address>
with the IP address of the RADIUS server, <key>
with the shared secret key for RADIUS authentication, and <timeout-value>
with the timeout value for RADIUS authentication.
Step 4:Configure the user authentication method.
To configure the user authentication method on the Cisco ASA firewall, use the following command:
hostname(config)# aaa authentication login <auth-method> <group-name> local
Replace <auth-method>
with the authentication method name, and <group-name>
with the name of the RADIUS server group.
Step 5:Configure the user authorization method.
To configure the user authorization method on the Cisco ASA firewall, use the following command:
hostname(config)# aaa authorization exec <auth-method> <group-name> if-authenticated
Replace <auth-method>
with the authorization method name, and <group-name>
with the name of the RADIUS server group.
Step 6:Verify the RADIUS configuration.
To verify the RADIUS configuration on the Cisco ASA firewall, use the following command:
hostname# show aaa-server group <group-name> server-hosts
Replace <group-name>
with the name of the RADIUS server group.