4.6 RADIUS Password Configuration Example
For this configuration example, we will configure the VSP switch for RADIUS authentication using IPv4
addressing and using the loopback address as the source IP for CLI and EDM authentication. We will
also show the configuration steps required using Avaya's Identity Engines Ignition Server.
4.6.1
Ethernet Routing Switch Configuration
Up to ten RADIUS servers are supported on the VSP switch where each server is assigned a priority and
is connected according to the assigned priority. For this configuration example we will simply configure
one RADIUS server using IPv4 addressing and use the IP loopback address as the source IP address.
Please note by default, CLI RADIUS authentication is selected by when adding a RADIUS server – no
additional configuration steps are required to enable CLI RADIUS authentication.
Step 1 – Add RADIUS server, enable RADIUS, enable RADIUS accounting, and enable RADIUS
accounting to include CLI command with a command count of 5
VSPswitch:1(config)#radius server host 10.12.120.120 key avaya priority 1 source-ip
10.1.1.81
VSPswitch:1(config)#radius enable
VSPswitch:1(config)#radius accounting enable
VSPswitch:1(config)#radius accounting include-cli-commands
VSPswitch:1(config)#radius sourceip-flag
VSPswitch:1(config)#radius cli-cmd-count 5
Step 2 – Add IP loopback address
VSPswitch:1(config)#interface loopback 1
VSPswitch:1(config-if)#ip address 1 10.1.1.81/255.255.255.255
VSPswitch:1(config-if)#exit
If you wish to restrict CLI commands for a user, simply enable the RADIUS cli-profile
setting as shown below. On the RADIUS server, via vendor identifier code 1584 using
attributes types 194 and 195, set attribute type 194 to a value of 0 and add the CLI
command using attribute 195.
March 2015
Avaya Inc. – External Distribution
avaya.com
28