Restrictions For Configuring Radius - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Restrictions for Configuring RADIUS
• RADIUS is facilitated through AAA and can be enabled only through AAA commands.
• Use the aaa new-model global configuration command to enable AAA.
• Use the aaa authentication global configuration command to define method lists for RADIUS
• Use line and interface commands to enable the defined method lists to be used.
• At a minimum, you must identify the host or hosts that run the RADIUS server software and define the
• You should have access to and should configure a RADIUS server before configuring RADIUS features
• The RADIUS host is normally a multiuser system running RADIUS server software from Cisco (Cisco
• To use the Change-of-Authorization (CoA) interface, a session must already exist on the switch. CoA
For RADIUS operation:
• Users must first successfully complete RADIUS authentication before proceeding to RADIUS
Restrictions for Configuring RADIUS
This topic covers restrictions for controlling Switch access with RADIUS.
General:
• To prevent a lapse in security, you cannot configure RADIUS through a network management application.
RADIUS is not suitable in the following network security situations:
• Multiprotocol access environments. RADIUS does not support AppleTalk Remote Access (ARA),
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
902
authentication.
method lists for RADIUS authentication. You can optionally define method lists for RADIUS
authorization and accounting.
on your Switch.
Secure Access Control Server Version 3.0), Livingston, Merit, Microsoft, or another software provider.
For more information, see the RADIUS server documentation.
can be used to identify a session and enforce a disconnect request. The update affects only the specified
session.
authorization, if it is enabled.
NetBIOS Frame Control Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or X.25
PAD connections.
RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device
requires authentication.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
