Configuring Settings For All Radius Servers; Configuring The Switch To Use Vendor-Specific Radius Attributes - Cisco Catalyst 3750-E Software Configuration Manual

Chapter 9 Configuring Switch-Based Authentication
Entering the no aaa accounting system guarantee-first command is not the only condition by which
Note
the console or telnet session can be started. For example, if the privileged EXEC session is being
authenticated by TACACS and the TACACS server is not reachable, then the session cannot start.

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings
between the switch and all RADIUS servers:
Command
Step 1
configure terminal
Step 2 radius-server key string
Step 3 radius-server retransmit retries
Step 4
radius-server timeout seconds
Step 5 radius-server deadtime minutes
Step 6 end
Step 7 show running-config
Step 8
copy running-config startup-config
To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these
commands.

Configuring the Switch to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating
vendor-specific information between the switch and the RADIUS server by using the vendor-specific
attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended
attributes not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific
option by using the format recommended in the specification. Cisco's vendor-ID is 9, and the supported
option has vendor-type 1, which is named cisco-avpair. The value is a string with this format:
protocol : attribute sep value *
OL-9775-08
Purpose
Enter global configuration mode.
Specify the shared secret text string used between the switch and all
RADIUS servers.
The key is a text string that must match the encryption key used on
Note
the RADIUS server. Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use spaces in your key, do
not enclose the key in quotation marks unless the quotation marks
are part of the key.
Specify the number of times the switch sends each RADIUS request to the
server before giving up. The default is 3; the range 1 to 1000.
Specify the number of seconds a switch waits for a reply to a RADIUS
request before resending the request. The default is 5 seconds; the range is
1 to 1000.
Specify the number of minutes a RADIUS server, which is not responding
to authentication requests, to be skipped, thus avoiding the wait for the
request to timeout before trying the next configured server. The default is
0; the range is 1 to 1440 minutes.
Return to privileged EXEC mode.
Verify your settings.
(Optional) Save your entries in the configuration file.
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
Controlling Switch Access with RADIUS
9-35