2-120 Command Line Interface Commands Reference
radius-server{ 1 2 } { ip-address hostname } [ secret secret ] no radius-server{ 1 2 }
show radius-server [ 1 2 ]
These commands allow you to specify, delete, or show a RADIUS server either by using an IP address in dotted-quad notation or by using a hostname to be resolved using the Domain Name System (DNS) information configured in the router. In addition to specifying the server’s IP address or hostname, you must also specify a shared-secret known to both the router and the RADIUS server. The secret is used to encrypt RADIUS transactions in transit.
radius identifier identifier
This command allows you to specify the RADIUS identifier as either an IP address in dotted-quad notation (to be used as the value of the NAS-IP-Address (4) attribute), or an arbitrary string (to be used as the value of the NAS-Identifier (32) attribute), in the router’s outgoing Access-Request packets. The RADIUS identifier is limited to 63 characters.
TACACS+ Authentication Configuration Commands
Note: The commands in this section are supported beginning with firmware version 8.4, and supplement the RADIUS server commands in the previous section.
TACACS+ Authentication Configuration Commands
console authentication
[ local radius radius-local radius-local serial-only local-radius tacacs-plus tacacs-plus-local tacacs-plus-local serial-only local-tacacs-plus ]
remote-server { index } { host } secret key
tacacs-plus accounting [ yes no ]
console authentication
[ local radius radius-local radius-local serial-only local-radius tacacs-plus tacacs-plus-local tacacs-plus-local serial-only local-tacacs-plus ]
This command sets the remote authentication protocol to RADIUS or TACACS+ and selects the ordering of the security database lookup.
remote-server { index } { host } secret key
This command sets up the primary and alternate authentication servers. It applies to both RADIUS and TACACS+. The radius-servercommand is retained for backward compatibility. If the remote authentication protocol is set to RADIUS, show config will display "radius-server…” rather than “remote-server…”
