attributes containing configuration information. If the server rejects the user, it returns a negative result.
If the server rejects the client or the shared "secrets" differ, the server returns no result. If the server
requires additional verification from the user, it returns a challenge, and the request process begins again.
If you use a RADIUS server to authenticate users, you must configure user attributes in the user database
on the RADIUS server. The user attributes include the user name, password, and privilege level.
To set the privilege level, use the
The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a
user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level
The values for the Service-Type attribute are as follows:
NAS-Prompt-User indicates the user should be provided a command prompt on the NAS, from
which nonprivileged commands can be executed.
Administrative-User indicates the user should be granted access to the administrative
interface to the NAS, from which privileged commands can be executed.
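The following added example (not part of the original manual) audits a FreeRADIUS users file for the access level each entry's Service-Type grants, using the two values described above. The file contents, the user names operator and guest, the passwords, and the "unmapped" label for entries without one of the two values are assumptions made for this example.

```python
import re

# Constructed sample in FreeRADIUS "users" file layout. The names "operator"
# and "guest" and all passwords are made up for this example.
SAMPLE_USERS = '''\
operator  Auth-Type := Local, User-Password == "example-ro"
          Service-Type = NAS-Prompt-User
admin     Auth-Type := Local, User-Password == "example-rw"
          Service-Type = Administrative-User
guest     Auth-Type := Local, User-Password == "example-none"
'''

# Access each Service-Type value grants on the NAS, per the descriptions above.
ACCESS = {
    "NAS-Prompt-User": "nonprivileged",
    "Administrative-User": "privileged",
}

# One "Attribute op value" item; values are either quoted or bare words.
ITEM = re.compile(r'([\w-]+)\s*(:=|==|=)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {attribute: value}}, merging check and reply items."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # an unindented line starts an entry
            parts = line.split(None, 1)
            current = users.setdefault(parts[0], {})
            line = parts[1] if len(parts) > 1 else ""
        if current is None:
            continue                      # indented line before any entry
        for attr, _op, value in ITEM.findall(line):
            current[attr] = value.strip('"')
    return users

def audit(text):
    """Map each user to the access level its Service-Type grants."""
    return {user: ACCESS.get(attrs.get("Service-Type"), "unmapped")
            for user, attrs in parse_users(text).items()}

if __name__ == "__main__":
    for user, level in audit(SAMPLE_USERS).items():
        print(f"{user:10} {level}")
```

Entries reported as unmapped carry no Service-Type the section describes and are the ones to review by hand.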
RADIUS Configuration Examples
This section contains examples of commands used to configure RADIUS settings on the switch.
Example #1: Basic RADIUS Server Configuration
This example configures two RADIUS servers at 10.10.10.10 and 220.127.116.11. Each server has a unique
shared secret key. The shared secrets are configured to be
10.10.10.10 is configured as the primary server. The process creates a new authentication list, called
radiusList, which uses RADIUS as the primary authentication method, and local authentication as a
backup method in the event that the RADIUS server cannot be contacted.
Auth-Type := Local,
User-Password == "pass1234"
Service-Type = NAS-Prompt-User
Auth-Type := Local,
User-Password == "pass5678"
Service-Type = Administrative-User
attribute. Do not use any vendor-specific attribute
respectively. The server at