Cisco Catalyst 3750-X Software Configuration Manual page 372

Configuring Web-Based Authentication
To configure the RADIUS server parameters, perform this task:
Command
Step 1
ip radius source-interface interface_name
radius-server host {hostname | ip-address} test
Step 2
username username
Step 3 radius-server key string
Step 4 radius-server vsa send authentication
Step 5 radius-server dead-criteria tries num-tries
When you configure the RADIUS server parameters:
•
•
•
•
You need to configure some settings on the RADIUS server, including: the switch IP address, the key
Note
string to be shared by both the server and the switch, and the downloadable ACL (DACL). For more
information, see the RADIUS server documentation.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
12-12
Specify the key string on a separate command line.
For key string, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
When you specify the key string, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using with the radius-server host global configuration command. If you want to
configure these options on a per-server basis, use the radius-server timeout, radius-server
retransmit, and the radius-server key global configuration commands. For more information, see
the
Cisco IOS Security Configuration Guide, Release 12.2 and the
Cisco IOS Security Command Reference, Release 12.2 at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
Chapter 12 Configuring Web-Based Authentication
Purpose
Specify that the RADIUS packets have the IP address of
the indicated interface.
Specify the host name or IP address of the remote
RADIUS server.
The test username username option enables automated
testing of the RADIUS server connection. The specified
username does not need to be a valid user name.
The key option specifies an authentication and encryption
key to use between the switch and the RADIUS server.
To use multiple RADIUS servers, reenter this command
for each server.
Configure the authorization and encryption key used
between the switch and the RADIUS daemon running on
the RADIUS server.
Enable downloading of an ACL from the RADIUS server.
This feature is supported in
Cisco IOS Release 12.2(50)SG.
Specify the number of unanswered sent messages to a
RADIUS server before considering the server to be
inactive. The range of num-tries is 1 to 100.
OL-21521-01