Table of Contents
Advertisement
RADIUS Authentication, Authorization, and Accounting
[dyn-authorization]
Enables or disables the processing of Disconnect and
Change of Authorization messages from this host. When
enabled, the RADIUS server can dynamically terminate or
change the authorization parameters (such as VLAN
assignment) used in an active client session on the switch.
The UDP port specified in the radius-server dyn-autz-port
command (defaults to 3799) is the port used to listen for
Change of Authorization messages (CoA) or Disconnect
messages (DM). See Change-of-Authorization on page
6-45.
Default: Disabled
[key < key-string >]
Optional. Specifies an encryption key for use during
authentication (or accounting) sessions with the specified
server. This key must match the encryption key used on
the RADIUS server. Use this command only if the specified
server requires a different encryption key than configured
for the global encryption key.
Note: Formerly, when you saved the configuration file
using Xmodem or TFTP, the RADIUS encryption key infor-
mation was not saved in the file. This caused RADIUS
authentication to break when the startup configuration
file was loaded back onto the switch. You now can save the
configured RADIUS shared secret (encryption) key to a
configuration file by entering the following commands:
include-credentials
write memory
For more information, see "Saving Security Credentials
in a Config File" on page 2-10 in this guide.
Configuring the Switch for RADIUS Authentication
6-15
Hide quick links:
Advertisement
Table of Contents
