Setting The Radius Server Address; Setting The Global Preshared Key - Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Configuring RADIUS
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
RADIUS is a distributed client/server protocol that secures networks against unauthorized access. In the
Cisco implementation, RADIUS clients run on Cisco MDS 9000 Family switches and send
authentication requests to a central RADIUS server that contains all user authentication and network
service access information.

Setting the RADIUS Server Address

You can add up to 64 RADIUS servers. RADIUS keys are always stored in encrypted form in persistent
storage. The running configuration also displays encrypted keys.
To specify the host RADIUS server address and the options, follow these steps:
Command
Step 1
switch# config t
Step 2
switch(config)# radius-server host 10.10.0.0
key HostKey
Step 3
switch(config)# radius-server host 10.10.0.0
auth-port 2003
Step 4
switch(config)# radius-server host 10.10.0.0
acct-port 2004
Step 5
switch(config)# radius-server host 10.10.0.0
accounting
Step 6
switch(config)# radius-server host radius2
key 0 abcd
switch(config)# radius-server host radius3
key 4 da3Asda2ioyuoiuH

Setting the Global Preshared Key

You need to configure the RADIUS preshared key to authenticate the switch to the RADIUS server. The
length of the key is restricted to 64 characters and can include any printable ASCII characters (white
spaces are not allowed). You can configure a global key to be used for all RADIUS server configurations
on the switch.
You can override this global key assignment by explicitly using the key option in the radius-server host
command.
Cisco MDS 9000 Family CLI Configuration Guide
28-6
Chapter 28 Configuring RADIUS and TACACS+
Purpose
Enters configuration mode.
Specifies the preshared key for the selected
RADIUS server. This key overrides the key
assigned using the radius-server key
command. In this example, the host is IP address
10.10.0.0 and the key is HostKey.
Specifies the destination UDP port number to
which the RADIUS authentication messages
should be sent. In this example, the host is IP
address 10.10.0.0 and the authentication port is
2003. The default authentication port is 1812,
and the valid range is 0 to 65366.
Specifies the destination UDP port number to
which RADIUS accounting messages should be
sent. The default accounting port is 1813, and
the valid range is 0 to 65366.
Specifies this server to be used only for
accounting purposes.
If neither the authentication nor the
Note
accounting options are specified, the
server is used for both accounting and
authentication purposes.
Specifies a clear text key for the specified
server. The key is restricted to 64 characters.
Specifies a encrypted key for the specified
server. The key is restricted to 64 characters.
OL-8222-01, Cisco MDS SAN-OS Release 3.x