Configuring Radius - Extreme Networks ExtremeWare XOS Guide Manual
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (698 pages) ,
- Command reference manual (1712 pages)
Table of Contents
Advertisement
Authenticating Users Using RADIUS or TACACS+
Configuring RADIUS Accounting
Extreme Networks switches are capable of sending RADIUS accounting information. As with RADIUS
authentication, you can specify two servers for receipt of accounting information.
To specify RADIUS accounting servers, use the following command:
configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>]
{<tcp_port>} client-ip [<ipaddress>] {vr <vr_name>}
To configure the timeout if a server fails to respond, use the following command:
configure radius-accounting timeout <seconds>
RADIUS accounting also uses the shared secret password mechanism to validate communication
between network access devices and RADIUS accounting servers.
To specify shared secret passwords for RADIUS accounting servers, use the following command:
configure radius-accounting [primary | secondary] shared-secret {encrypted} <string>
After you configure RADIUS accounting server information, you must enable accounting before the
switch begins transmitting the information. You must enable RADIUS authentication for accounting
information to be generated. You can enable and disable accounting without affecting the current state
of RADIUS authentication.
To enable RADIUS accounting, use the following command:
enable radius-accounting
To disable RADIUS accounting, use the following command:
disable radius-accounting
Per Command Authentication Using RADIUS
You can use the RADIUS implementation to perform per command authentication. Per command
authentication allows you to define several levels of user capabilities by controlling the permitted
command sets based on the RADIUS user name and password.
You do not need to configure any additional switch parameters to take advantage of this capability. The
RADIUS server implementation automatically negotiates the per command authentication capability
with the switch. For examples on per-command RADIUS configurations, see the next section.
Configuring RADIUS
You can define primary and secondary server communication information and, for each RADIUS server,
the RADIUS port number to use when talking to the RADIUS server. The default port value is 1812 for
authentication and 1813 for accounting. The client IP address is the IP address used by the RADIUS
server for communicating back to the switch.
243
ExtremeWare XOS 11.1 Concepts Guide
Advertisement
Table of Contents
