Table of Contents
Advertisement
Configuring Authentication on the Switch
To set up the RADIUS username and enable RADIUS authentication, perform this task in privileged
mode:
Task
Step 1
Enable RADIUS authentication
for normal login mode. Enter the
console or telnet keyword if you
want to enable RADIUS only for
the console port or Telnet
connection attempts.
Step 2
Enable RADIUS authentication
for enable mode. Enter the console
or telnet keyword if you want to
enable RADIUS only for the
console port or Telnet connection
attempts.
Step 3
Create a user $enab15$ on the
RADIUS server and assign a
password to that user.
Step 4
Verify the RADIUS configuration. show authentication
Note
This example shows how to enable RADIUS authentication and verify the configuration:
Console> (enable) set authentication login radius enable
radius login authentication set to enable for console and telnet session.
Console> (enable) set authentication enable radius enable
radius enable authentication set to enable for console and telnet session.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
local
Enable Authentication: Console Session
---------------------- ----------------- ----------------
tacacs
radius
local
Console> (enable)
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
39-28
To use RADIUS authentication for enable mode, you must create a user $enab15$ on the
RADIUS server and assign a password to that user. This user needs to be created in addition to
your assigned username and password on the RADIUS server (for example, the username is
john, and the password is hello). After you log in to the Catalyst 6500 series switch with your
assigned username and password (john/hello), you can enter enable mode using the password
that is assigned to the $enab15$ user.
If your RADIUS server does not support the $enab15$ username, you can set the service-type
attribute (attribute 6) to Administrative (value 6) for a RADUIS user to directly launch the user
into enable mode without asking for a separate enable password.
Console Session
----------------
disabled
enabled(primary)
enabled
disabled
enabled(primary)
enabled
Chapter 39
Command
set authentication login radius enable [all | console | http |
telnet] [primary]
set authentication enable radius enable [all | console | http |
telnet] [primary]
See the Note below for additional information.
Telnet Session
----------------
disabled
enabled(primary)
enabled
Telnet Session
disabled
enabled(primary)
enabled
Configuring the Switch Access Using AAA
OL-8978-04
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
