Cisco Catalyst 2960-XR Security Configuration Manual page 338
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
Configuring Switch-to-RADIUS-Server Communication
Command or Action
Example:
Switch(config)# radius-server
host 172.l20.39.46 test username
user1
Step 4
radius-server key string
Example:
Switch(config)# radius-server key
rad123
Step 5
radius-server dead-criteria tries
num-tries
Example:
Switch(config)# radius-server
dead-criteria tries 30
Step 6
end
Example:
Switch(config)# end
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
316
Purpose
The test username username option enables automated testing of the RADIUS
server connection. The specified username does not need to be a valid user name.
The key option specifies an authentication and encryption key to use between the
switch and the RADIUS server.
To use multiple RADIUS servers, reenter this command for each server.
Configures the authorization and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server.
Specifies the number of unanswered sent messages to a RADIUS server before
considering the server to be inactive. The range of num-tries is 1 to 100.
When you configure the RADIUS server parameters:
• Specify the key string on a separate command line.
• For key string, specify the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server. The
key is a text string that must match the encryption key used on the RADIUS
server.
• When you specify the key string, use spaces within and at the end of the
key. If you use spaces in the key, do not enclose the key in quotation marks
unless the quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
• You can globally configure the timeout, retransmission, and encryption key
values for all RADIUS servers by using with the radius-server host global
configuration command. If you want to configure these options on a per-server
basis, use the radius-server timeout, radius-server transmit, and the
radius-server key global configuration commands. For more information,
see the Cisco IOS Security Configuration Guide, Release 12.4 and the Cisco
IOS Security Command Reference, Release 12.4.
Note
You need to configure some settings on the RADIUS server,
including: the switch IP address, the key string to be shared by both
the server and the switch, and the downloadable ACL (DACL). For
more information, see the RADIUS server documentation.
Returns to privileged EXEC mode.
Configuring Web-Based Authentication
OL-29434-01
Advertisement
Table of Contents
