Information About Radius; Radius And Switch Access; Radius Overview - Cisco Catalyst 2960-XR Security Configuration Manual

Configuring RADIUS

Information about RADIUS

RADIUS and Switch Access

This section describes how to enable and configure RADIUS. RADIUS provides detailed accounting information
and flexible administrative control over the authentication and authorization processes.
The switch supports RADIUS for IPv6. Information is in the "RADIUS Over IPv6" section of the "Implementing
ADSL for IPv6" chapter in the Cisco IOS XE IPv6 Configuration Guide, Release 2. For information about
configuring this feature, see the "Configuring the NAS" section in the "Implementing ADSL for IPv6" chapter
in the Cisco IOS XE IPv6 Configuration Guide, Release 2.
For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Note
Security Command Reference, Release 12.4 and the Cisco IOS IPv6 Command Reference.
Related Topics
Prerequisites for Controlling Switch Access with RADIUS, on page 51
Configuring the Switch for Local Authentication and Authorization, on page 81
SSH Servers, Integrated Clients, and Supported Versions, on page 87

RADIUS Overview

RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS
clients run on supported Cisco routers and switches. Clients send authentication requests to a central RADIUS
server, which contains all user authentication and network service access information.
Use RADIUS in these network environments that require access security:
• Networks with multiple-vendor access servers, each supporting RADIUS. For example, access servers
• Turnkey network security environments in which applications support the RADIUS protocol, such as
• Networks already using RADIUS. You can add a Cisco switch containing a RADIUS client to the
• Network in which the user must only access a single service. Using RADIUS, you can control user
OL-29434-01
from several vendors use a single RADIUS server-based security database. In an IP-based network with
multiple vendors' access servers, dial-in users are authenticated through a RADIUS server that has been
customized to work with the Kerberos security system.
in an access environment that uses a smart card access control system. In one case, RADIUS has been
used with Enigma's security cards to validates users and to grant access to network resources.
network. This might be the first step when you make a transition to a TACACS+ server. See Figure 2:
Transitioning from RADIUS to TACACS+ Services below.
access to a single host, to a single utility such as Telnet, or to the network through a protocol such as
IEEE 802.1x. For more information about this protocol, see Chapter 11, "Configuring IEEE 802.1x
Port-Based Authentication."
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Information about RADIUS
53