RADIUS failthrough mode is not available for Captive Portal client authenti-
NOTE:
cation and RADIUS-based MAC authentication.
RADIUS Configuration Examples
Configuring RADIUS for Wired Clients
This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server
has a unique shared secret key. The shared secrets are configured to be secret1 and secret2
respectively. The server at 10.10.10.10 is configured as the primary server. A new
authentication list, called radiusList, is created which uses RADIUS as the primary
authentication method, and local authentication as a backup method in the event that the
RADIUS server cannot be contacted. This authentication list is then associated with the
default login.
Figure 71. RADIUS Servers in a DWS-3000 Network
When a user attempts to log in, the switch prompts for a username and password. The switch
then attempts to communicate with the primary RADIUS server at 10.10.10.10. Upon
successful connection with the server, the login credentials are exchanged over an encrypted
channel. The server grants or denies access, which the switch honors, and either allows or does
not allow the user to access the switch. If neither of the two servers can be contacted, the
switch searches its local user database for the user.
Using CLI Commands
The following CLI commands perform the configuration described in the example.
config
radius server host auth 10.10.10.10
radius server key auth 10.10.10.10
19
RADIUS Configuration Examples
RADIUS
127