Configuring A Radius Connection; Using The Cli To Configure Access Through Radius - Dell Force10 S2410-01-10GE-24P Configuration Manual

SFTOS Configuration Guide

Configuring a RADIUS Connection

Remote Authentication Dial-In User Service (RADIUS) is another means of port-based network access
control. The switch acts as an intermediary to a RADIUS server, which provides both an authentication
and an accounting function to maintain data on service usage.
Under RFC 2866, an extension was added to the RADIUS protocol giving the client the ability to deliver
accounting information about a user to an accounting server. Exchanges with the accounting server follow
guidelines similar to those for an authentication server, but the flows are much simpler.
At the start of service for a user, the RADIUS client configured to use accounting sends an accounting start
packet specifying the type of service that it will deliver. Once the server responds with an
acknowledgement, the client periodically transmits accounting data. At the end of service delivery, the
client sends an accounting stop packet allowing the server to update specified statistics. The server again
responds with an acknowledgement.
Setting up a connection to a server running Remote Authentication Dial-In User Service (RADIUS) is
basically the same as the TACACS+ procedure described above (see Choosing a TACACS+ Server and
Authentication Method on page 135 and Configuring TACACS+ Server Connection Options on page 137),
where you identify the address of the authentication server and you specify an ordered set of authentication
methods. The following RADIUS commands are documented in the Security chapter of the SFTOS
Command Reference:
radius accounting mode: Enable the RADIUS accounting function.
radius server host: Configure the RADIUS authentication and accounting server.
radius server key: Configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server.
radius server msgauth: Enable the message authenticator attribute for a specified server.
radius server primary: Configure the primary RADIUS authentication server for this RADIUS client.
radius server retransmit: Set the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server.
radius server timeout: Set the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received.
show radius: Display the various RADIUS configuration items for the switch as well as the configured RADIUS servers.
show radius accounting statistics: Display the configured RADIUS accounting mode, accounting server, and the statistics for the configured accounting server.
show radius statistics (authentication): Display the statistics for RADIUS or configured server.

Using the CLI to Configure Access through RADIUS

The following example configuration sequence configures:
A single RADIUS server at IP address 10.10.10.10, to be used for both authentication and accounting
The RADIUS server shared secret for both authentication and accounting to be the word "secret"
An authentication list called "radiusList", specifying RADIUS as the only authentication method

138 | Providing User Access Security
