1. Create an AD group
- Add the users who should be able to log in to the switches to this group.
2. Now we will configure the RADIUS server.
Install the NPS server role.
After the role is installed we will open the management window.
3. Check that NPS is configured for “Network Access Protection (NAP)”.
4. Create a new RADIUS client.
- Remember the Shared Secret password (we will use it later on the switches).
5. Create a new RADIUS policy.
- User Groups – select the group that we created in Active Directory
- The Client Friendly name is the “new radius client” name that you entered in step 4 of this post.
- This is how it should look.
Now let's configure the switch.
Switch(config)#aaa authentication login default group radius local
Switch(config)#aaa authentication login No-Radius-Login local
(A policy that disables the use of RADIUS authentication; we will use it for our console connection.)
Switch(config)#aaa authorization exec default group radius if-authenticated
(If you are connected to the switch, you will stay connected even if the RADIUS server is down.)
Switch(config)#radius-server host X.X.X.X
(Enter the IP address of your RADIUS server.)
Switch(config)#radius-server key *******
(Use the same password that you entered in the “new radius client”.)
Configure the switch's console line.
Switch(config)#line con 0
Switch(config-line)#login authentication No-Radius-Login
(When you connect using a console cable, you will log in with your local switch credentials.)
And that’s it. Now you can log in to the switches using your domain username and password!
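A way to check a saved switch configuration against the layout described above, as an added example that is not part of the original post. It also checks two things the post does not show but its commands depend on: `aaa new-model`, which enables the AAA commands, and a local `username` entry, which the `local` method authenticates against. The sample config, the address 192.0.2.10, the `admin` user and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample running-config; address, user, secret and key are placeholders.
SAMPLE = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login No-Radius-Login local
aaa authorization exec default group radius if-authenticated
username admin privilege 15 secret 5 $1$constructed$placeholder
radius-server host 192.0.2.10
radius-server key CONSTRUCTED-PLACEHOLDER
line con 0
 login authentication No-Radius-Login
"""

def audit(config):
    """Return a list of findings for the AAA/RADIUS layout from the post."""
    top, con, in_con = [], [], False
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0] != " ":                      # top-level command
            top.append(raw.strip())
            in_con = raw.startswith("line con ")
        elif in_con:                           # sub-command of the console line
            con.append(raw.strip())
    lists = {}                                 # login method list name -> methods
    for cmd in top:
        m = re.match(r"aaa authentication login (\S+) (.+)", cmd)
        if m:
            lists[m.group(1)] = m.group(2).split()
    findings = []
    if "aaa new-model" not in top:
        findings.append("missing: aaa new-model")
    default = lists.get("default", [])
    if default[:2] != ["group", "radius"]:
        findings.append("default login list does not try RADIUS first")
    elif "local" not in default[2:]:
        findings.append("default login list has no local fallback")
    for needed in ("radius-server host ", "radius-server key ", "username "):
        if not any(c.startswith(needed) for c in top):
            findings.append("missing: " + needed.strip())
    con_list = next((c.split()[-1] for c in con
                     if c.startswith("login authentication ")), "default")
    if lists.get(con_list) != ["local"]:       # console must not depend on RADIUS
        findings.append("console does not use a local-only login list")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "OK")
```

An empty result means the config matches the post's layout; a missing local `username` is worth catching before logging out, because the console list `No-Radius-Login` has nothing to authenticate against without one.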