1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Switch
  5. 2950 - Catalyst Switch
  6. Software manual

Configuring Radius Authorization For Privileged Exec Access And Network Services - Cisco Catalyst 2950 Software Manual

Desktop switch software configuration guide
Hide thumbs Also See for Catalyst 2950:
Table of Contents

Advertisement

Chapter 6
Configuring the System
Command
Step 7
show running-config
Step 8
copy running-config startup-config
Step 9
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global
configuration command. To remove a server group from the configuration list, use the no aaa group
server radius group-name global configuration command. To remove the IP address of a RADIUS
server, use the no server ip-address server group configuration command.
In this example, the switch is configured to recognize two different RADIUS group servers (group1 and
group2). Group1 has two different host entries on the same RADIUS server configured for the same
services. The second host entry acts as a fail-over backup to the first entry.
Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
Switch(config)# aaa new-model
Switch(config)# aaa group server radius group1
Switch(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config-sg-radius)# exit
Switch(config)# aaa group server radius group2
Switch(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
Switch(config-sg-radius)# exit

Configuring RADIUS Authorization for Privileged EXEC Access and Network Services

AAA authorization limits the services available to a user. When AAA authorization is enabled, the
switch uses information retrieved from the user's profile, which is in either the local user database or on
the security server, to configure the user's session. The user is granted access to a requested service only
if the information in the user profile allows it.
You can use the aaa authorization global configuration command with the radius keyword to set
parameters that restrict a user's network access to privileged EXEC mode.
The aaa authorization exec radius local command sets these authorization parameters:
Note
Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
78-11380-03
Purpose
Verify your entries.
(Optional) Save your entries in the configuration file.
Enable RADIUS login authentication. See the
Login Authentication" section on page
Use RADIUS for privileged EXEC access authorization if authentication was performed by using
RADIUS.
Use the local database if authentication was not performed by using RADIUS.
Controlling Switch Access with RADIUS
6-29.
Catalyst 2950 Desktop Switch Software Configuration Guide
"Configuring RADIUS
6-33
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Cisco Catalyst 2950

Related Content for Cisco Catalyst 2950

This manual is also suitable for:

2950 24 - catalyst switch2950g 48 - catalyst switch - stackable

Table of Contents