Cisco 350 Series Administration Manual page 466

Security
RADIUS
STEP 1
STEP 2
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
The device can be configured to be a RADIUS client that can use a RADIUS server to provide
centralized security, and as a RADIUS server.
RADIUS Client
An organization can use the device as establish a Remote Authorization Dial-In User Service
(RADIUS) server to provide centralized 802.1X or MAC-based network access control for all
of its devices. In this way, authentication and authorization can be handled on a single server
for all devices in the organization.
When the device is configured as a RADIUS client, it can use the RADIUS server for the
following services:
• Authentication—Provides authentication of regular and 802.1X users logging onto
the device by using usernames and user-defined passwords.
• Authorization—Performed at login. After the authentication session is completed, an
authorization session starts using the authenticated username. The RADIUS server
then checks user privileges.
Accounting—Enable accounting of login sessions using the RADIUS server. This enables a
system administrator to generate accounting reports from the RADIUS server. The user-
configurable, TCP port used for RADIUS server accounting is the same TCP port that is used
for RADIUS server authentication and authorization.
Defaults
The following defaults are relevant to this feature:
• No default RADIUS server is defined by default.
• If you configure a RADIUS server, the accounting feature is disabled by default.
Interactions With Other Features
You cannot enable accounting on both a RADIUS and TACACS+ server.
Radius Workflow
To use a RADIUS server, do the following:
Open an account for the device on the RADIUS server.
Configure that server along with the other parameters in the RADIUS and ADD RADIUS
Server pages.
17
323