Radius Operation; Configuring Radius - Cisco 3845 - Security Bundle Router Software Manual
Software configuration guide
Hide thumbs
Also See for 3845 - Security Bundle Router:
- Manual (94 pages) ,
- Quick start manual (38 pages) ,
- Hardware installation manual (418 pages)
Table of Contents
Advertisement
Chapter 8
Configuring Switch-Based Authentication
RADIUS Operation
When a user attempts to log in and authenticate to a switch that is access controlled by a RADIUS server,
these events occur:
1.
2.
3.
The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or
network authorization. Users must first successfully complete RADIUS authentication before
proceeding to RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or
REJECT packets includes these items:
•
•
Configuring RADIUS
This section describes how to configure your switch to support RADIUS. At a minimum, you must
identify the host or hosts that run the RADIUS server software and define the method lists for RADIUS
authentication. You can optionally define method lists for RADIUS authorization and accounting.
A method list defines the sequence and methods to be used to authenticate, to authorize, or to keep
accounts on a user. You can use method lists to designate one or more security protocols to be used (such
as TACACS+ or local username lookup), thus ensuring a backup system if the initial method fails. The
software uses the first method listed to authenticate, to authorize, or to keep accounts on users; if that
method does not respond, the software selects the next method in the list. This process continues until
there is successful communication with a listed method or the method list is exhausted.
You should have access to and should configure a RADIUS server before configuring RADIUS features
on your switch.
These sections contain this configuration information:
•
•
•
•
•
•
•
•
OL-23400-01
The user is prompted to enter a username and password.
The username and encrypted password are sent over the network to the RADIUS server.
The user receives one of these responses from the RADIUS server:
a.
ACCEPT—The user is authenticated.
b.
REJECT—The user is either not authenticated and is prompted to re-enter the username and
password, or access is denied.
c.
CHALLENGE—A challenge requires additional data from the user.
d.
CHALLENGE PASSWORD—A response requests the user to select a new password.
Telnet, SSH, rlogin, or privileged EXEC services
Connection parameters, including the host or client IP address, access list, and user timeouts
Default RADIUS Configuration, page 8-20
Identifying the RADIUS Server Host, page 8-20
Configuring RADIUS Login Authentication, page 8-22
Defining AAA Server Groups, page 8-24
Configuring RADIUS Authorization for User Privileged Access and Network Services, page 8-26
(optional)
Starting RADIUS Accounting, page 8-27
Configuring Settings for All RADIUS Servers, page 8-28
Configuring the Switch to Use Vendor-Specific RADIUS Attributes, page 8-28
(required)
(required)
(optional)
(optional)
(optional)
Cisco ME 3800X and 3600X Switch Software Configuration Guide
Controlling Switch Access with RADIUS
(optional)
8-19
- Quick Links:
- Vlan Features
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
