Command Syntax
aaa authorization exec
{
|
default
method-list-name
tacacs+
Apply the method list to terminal lines
To enable RADIUS AAA login authentication for a method list, you must apply it to a terminal line. To
configure a terminal line for RADIUS authentication and authorization, enter the following commands:
Command Syntax
{
|
|
line
aux 0
console 0
vty number
[
]}
end-number
{
login authentication
method-list-name
}
default
authorization exec
methodlist
Specify a RADIUS server host
When configuring a RADIUS server host, you can set different communication parameters, such as the
UDP port, the key password, the number of retries, and the timeout.
To specify a RADIUS server host and configure its communication parameters, use the following
command in the CONFIGURATION mode:
Command Syntax
{
radius-server host
hostname
} [
auth-port port-number
ip-address
[
] [
retransmit retries
timeout seconds
[
[
]
key
encryption-type
key
Command Mode
CONFIGURATION
}
radius
Command Mode
CONFIGURATION
LINE
|
CONFIGURATION
Command Mode
|
CONFIGURATION
]
]
]
Purpose
Create methodlist with RADIUS and TACACS+ as
authorization methods. Typical order of methods:
RADIUS, TACACS+, Local, None. If authorization is
denied by RADIUS, the session ends (
be the last method specified).
Purpose
Enter the LINE mode.
Enable AAA login authentication for the specified
RADIUS method list. This procedure is mandatory if
you are not using default lists.
To use the methodlist.
Purpose
Enter the host name or IP address of the RADIUS server
host. Configure the optional communication parameters
for the specific host:
•
auth-port port-number
UDP port number. The default is 1812.
•
range: 0 to 100. Default is 3.
retransmit retries
•
range: 0 to 1000. Default is 5
timeout seconds
seconds.
•
[
]
key
encryption-type
key:
for encrypted text, and a string for the key. The key
can be up to 42 characters long. This key must match
the key configured on the RADIUS server host.
If these optional parameters are not configured, the
global default values for all RADIUS host are applied.
should not
radius
range: 0 to 65335. Enter a
Enter 0 for plain text or 7
Security | 891