Configuring The Switch For Vendor-Proprietary Radius Server Communication - Cisco Catalyst 2960 Software Configuration Manual

Hide thumbs Also See for Catalyst 2960:

Configuration manual (2288 pages)

Command reference manual (800 pages)

Hardware installation manual (108 pages)

Table of Contents

Controlling Switch Access with RADIUS

Beginning in privileged EXEC mode, follow these steps to configure the switch to recognize and use

configure terminal

radius-server vsa send [accounting |

authentication]

show running-config

copy running-config startup-config

For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the

"RADIUS Attributes" appendix in the Cisco IOS Security Configuration Guide, Release 12.4, on

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication

Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary

information between the switch and the RADIUS server, some vendors have extended the RADIUS

attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS

As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you

must specify the host running the RADIUS server daemon and the secret text string it shares with the

switch. You specify the RADIUS host and secret text string by using the radius-server global

configuration commands.

Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server

host and a shared secret text string:

configure terminal

radius-server host {hostname | ip-address} non-standard

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

Enter global configuration mode.

Enable the switch to recognize and use VSAs as defined by RADIUS IETF

attribute 26.

(Optional) Use the accounting keyword to limit the set of recognized

vendor-specific attributes to only accounting attributes.

(Optional) Use the authentication keyword to limit the set of

recognized vendor-specific attributes to only authentication attributes.

If you enter this command without keywords, both accounting and

authentication vendor-specific attributes are used.

Return to privileged EXEC mode.

Verify your settings.

(Optional) Save your entries in the configuration file.

Enter global configuration mode.

Specify the IP address or hostname of the remote

RADIUS server host and identify that it is using a

vendor-proprietary implementation of RADIUS.

Configuring Switch-Based Authentication

Show Quick Links

Chapters

Table of Contents

Troubleshooting

Catalyst 2960-s

Configuring The Switch For Vendor-Proprietary Radius Server Communication - Cisco Catalyst 2960 Software Configuration Manual

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication

Hide quick links:

Chapters

Troubleshooting

Related Manuals for Cisco Catalyst 2960

Related Content for Cisco Catalyst 2960

This manual is also suitable for:

Table of Contents