Configuring Radius On The Switch; Radius Authentication Features In Lenovo N/Os - Lenovo CN4093 Application Manual

Configuring RADIUS on the Switch

1. Turn RADIUS authentication on, then configure the Primary and Secondary
RADIUS servers.
2. Configure the RADIUS secret.
3. If desired, you may change the default UDP port number used to listen to RADIUS.
4. Configure the number retry attempts for contacting the RADIUS server, and the
timeout period.

RADIUS Authentication Features in Lenovo N/OS

© Copyright Lenovo 2015
Use the following procedure to configure Radius authentication on your CN4093.
CN 4093(config)# radius-server primary-host 10.10.1.1
CN 4093(config)# radius-server secondary-host 10.10.1.2
CN 4093(config)# radius-server primary-host 10.10.1.1 key
<1-32 character secret>
CN 4093(config)# radius-server secondary-host 10.10.1.2 key
<1-32 character secret>
CN 4093(config)# radius-server enable
CAUTION:
If you configure the RADIUS secret using any method other than through the
console port, the secret may be transmitted over the network as clear text.
The well-known port for RADIUS is 1645.
CN 4093(config)# radius-server port <UDP port number>
CN 4093(config)# radius-server retransmit 3
CN 4093(config)# radius-server timeout 5
Lenovo N/OS supports the following RADIUS authentication features:
 Supports RADIUS client on the switch, based on the protocol definitions in RFC
2138 and RFC 2866.
 Allows a RADIUS secret password of up to 32 characters.
 Supports secondary authentication server so that when the primary authentication
server is unreachable, the switch can send client authentication requests to the
secondary authentication server. Use the following command to show the
currently active RADIUS authentication server:
CN 4093# show radius-server
Chapter 5: Authentication & Authorization Protocols
85