Chapter 27
Configuring Switch Access Using AAA
Configuring RADIUS Authentication
These sections describe how to configure RADIUS authentication on the switch.
•
•
•
•
•
•
•
•
•
Specifying RADIUS Servers
To specify one or more RADIUS servers, perform this task in privileged mode:
Task
Step 1
Specify the IP address of up to three RADIUS
servers. Specify the primary server using the
primary keyword. Optionally, specify the
destination UDP port to use on the server.
Step 2
Verify the RADIUS server configuration.
This example shows how to specify a RADIUS server and verify the configuration:
Console> (enable) set radius server 172.20.52.3
172.20.52.3 with auth-port 1812 added to radius server table as primary server.
Console> (enable) show radius
Login Authentication:
---------------------
tacacs
radius
local
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
local
Radius Deadtime:
Radius Key:
Radius Retransmit:
Radius Timeout:
Radius-Server
----------------------------- -------
172.20.52.3
Console> (enable)
78-12647-02
Specifying RADIUS Servers, page 27-23
Enabling RADIUS Authentication, page 27-24
Specifying the RADIUS Key, page 27-25
Setting the RADIUS Timeout Interval, page 27-26
Setting the RADIUS Retransmit Count, page 27-26
Setting the RADIUS Dead Time, page 27-27
Clearing RADIUS Servers, page 27-28
Clearing the RADIUS Key, page 27-28
Disabling RADIUS Authentication, page 27-29
Console Session
----------------
disabled
disabled
enabled(primary)
disabled
disabled
enabled(primary)
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
Command
set radius server ip_addr [auth-port
port_number] [primary]
show radius
Telnet Session
----------------
disabled
disabled
enabled(primary)
Telnet Session
disabled
disabled
enabled(primary)
0 minutes
2
5 seconds
Status
Auth-port
------------
primary
1812
Configuring Authentication
27-23