Table of Contents
Advertisement
17
Configuring RADIUS
311
Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized
802. 1 X or MAC-based network access control. The device is a RADIUS client that
can use a RADIUS server to provide centralized security.
An organization can establish a Remote Authorization Dial-In User Service
(RADIUS) server to provide centralized 802. 1 X or MAC-based network access
control for all of its devices. In this way, authentication and authorization can be
handled on a single server for all devices in the organization.
The device can act as a RADIUS client that uses the RADIUS server for the
following services:
•
Authentication—Provides authentication of regular and 802. 1 X users
logging onto the device by using usernames and user-defined passwords.
•
Authorization—Performed at login. After the authentication session is
completed, an authorization session starts using the authenticated
username. The TACACS+ server then checks user privileges.
•
Accounting—Enable accounting of login sessions using the RADIUS server.
This enables a system administrator to generate accounting reports from
the RADIUS server.
Accounting Using a RADIUS Server
The user can enable accounting of login sessions using either a RADIUS or
TACACS+ server.
The user-configurable, TCP port used for RADIUS server accounting is the same
TCP port that is used for RADIUS server authentication and authorization.
Defaults
The following defaults are relevant to this feature:
•
No default RADIUS server is defined by default.
•
If you configure a RADIUS server, the accounting feature is disabled by
default.
Cisco Small Business 300 Series Managed Switch Administration Guide
Security
Configuring RADIUS
Advertisement
Table of Contents
