# Create a RADIUS scheme.
[Switch] radius scheme rad
# Specify the primary authentication server.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for secure communication with the server to expert in plain text.
[Switch-radius-rad] key authentication simple expert
# Include the domain names in usernames sent to the RADIUS server.
[Switch-radius-rad] user-name-format with-domain
[Switch-radius-rad] quit
# Create ISP domain bbb and configure authentication, authorization, and accounting methods
for login users.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login none
[Switch-isp-bbb] quit
Verifying the configuration
When the user initiates an SSH connection to the switch and enter the username hello@bbb and the
correct password, the user successfully logs in and can use the commands for the network-operator user
role.
Troubleshooting RADIUS
RADIUS authentication failure
Symptom
User authentication always fails.
Analysis
Possible reasons include:
•
A communication failure exists between the NAS and the RADIUS server.
The username is not in the format userid@isp-name, or the ISP domain is not correctly configured on
•
the NAS.
The user is not configured on the RADIUS server.
•
The password entered by the user is incorrect.
•
The RADIUS server and the NAS are configured with different shared keys.
•
Solution
Check that:
The NAS and the RADIUS server can ping each other.
•
The username is in the userid@isp-name format and the ISP domain is correctly configured on the
•
NAS.
46