Cisco Systems XR manual Radius-server host, Timeout seconds, Retransmit retries, SR-41

Page 41

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

radius-server host

radius-server host

To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.

radius-server host {hostname ip-address}[auth-portport-number][acct-portport-number]

[timeout seconds] [retransmit retries] [key string]

 

 

no radius-server host {hostname ip-address}[auth-port port-number][acct-port port-number]

 

 

 

 

Syntax Description

 

hostname

Domain Name System (DNS) name of the RADIUS server host.

 

 

 

 

 

 

ip-address

IP address of the RADIUS server host.

 

 

 

 

 

 

auth-portport-number

(Optional) Specifies the User Datagram Protocol (UDP) destination port for

 

 

 

authentication requests; the host is not used for authentication if set to 0. If

 

 

 

unspecified, the port number defaults to 1645.

 

 

 

 

 

 

acct-portport-number

(Optional) Specifies the UDP destination port for accounting requests; the

 

 

 

host is not used for accounting if set to 0. If unspecified, the port number

 

 

 

defaults to 1646.

 

 

 

 

 

 

timeout seconds

(Optional) The time interval (in seconds) that the router waits for the

 

 

 

RADIUS server to reply before retransmitting. This setting overrides the

 

 

 

global value of the radius-server timeout command. If no timeout value is

 

 

 

specified, the global value is used. Enter a value in the range from 1 to 1000.

 

 

 

Default is 5.

 

 

 

 

 

 

retransmit retries

(Optional) The number of times a RADIUS request is re-sent to a server, if

 

 

 

that server is not responding or responding slowly. This setting overrides the

 

 

 

global setting of the radius-server retransmit command. If no retransmit

 

 

 

value is specified, the global value is used. Enter a value in the range from 1

 

 

 

to 100. Default is 3.

 

 

 

 

 

 

key string

(Optional) Specifies the authentication and encryption key used between the

 

 

 

router and the RADIUS server. This key overrides the global setting of the

 

 

 

radius-server key command. If no key string is specified, the global value

 

 

 

is used.

 

 

 

The key is a text string that must match the encryption key used on the

 

 

 

RADIUS server. Always configure the key as the last item in the

 

 

 

radius-server host command syntax. This is because the leading spaces are

 

 

 

ignored, but spaces within and at the end of the key are used. If you use

 

 

 

spaces in the key, do not enclose the key in quotation marks unless the

 

 

 

quotation marks themselves are part of the key.

 

 

 

 

 

No RADIUS host is specified; use global radius-servercommand values.

Defaults

 

 

 

 

 

Command Modes

 

Global configuration

 

Cisco IOS XR System Security Command Reference

SR-41

Image 41
Contents SR-1 SR-2 Aaa accountingSR-3 Creates a method list to be used for authorizationAaa Read, write SR-4 Aaa accounting system defaultSR-5 Creates a method list for authenticationCreates a method list for authorization SR-6 Aaa authenticationSR-7 Radius, group named-group,local, or line optionsCreates a method list for accounting SR-8 Command DescriptionNetwork Aaa authorizationLocal SR-9SR-10 SR-11 Which specifies that TACACS+ authorization is usedSR-12 Aaa default-taskgroupSR-13 Aaa group server radiusSR-14 Comprises three member serversSR-15 Aaa group server tacacs+SR-16 SR-17 Aaa accounting commandAccounting SR-18 List named listname2 on a line template named configureSR-19 AuthorizationAuthorization command SR-20 Listname4 on a line template named configureSR-21 Deadtime server-group configurationDeadtime minutes no deadtime SR-22 Related Commands DescriptionSR-23 Description AAADescription string No description SR-24 TaskgroupSR-25 GroupSR-26 Task ID ExamplesSR-27 Inherit taskgroupSR-28 SR-29 Inherit usergroupInherit usergroup usergroup-name SR-30 Sales user groupSR-31 Login authenticationAuthentication login command SR-32 SR-33 Password AAAPassword 0 7 password No password 0 7 password SR-34 SR-35 Radius-server dead-criteria timeSR-36 SR-37 Radius-server dead-criteria triesSR-38 Dead-criteria timeSR-39 Radius-server deadtimeRadius-server deadtime minutes No radius-server deadtime SR-40 Radius-server host Timeout secondsRetransmit retries SR-41SR-42 SR-43 SR-44 Radius-server keySR-45 Specifies a Radius server hostSR-46 Radius-server retransmitSR-47 Radius-server timeoutRadius-server timeout seconds No radius-server timeout SR-48 Radius source-interfaceSR-49 Outgoing Radius packetsSR-50 SecretSecret 0 5 secret no secret 0 5 secret SR-51 SR-52 Server RadiusSR-53 SR-54 Server TACACS+SR-55 Groups different TACACS+ server hosts into distinct listsSR-56 Show aaaAaa usergroup operator SR-57SR-58 SR-59 Displays task IDs enabled for the currently logged-in userShow radius If no radius servers are configured, no output is displayedShow radius SR-60SR-61 Field DescriptionSR-62 Show radius accountingShow radius accounting SR-63 Show radius authenticationSR-64 Show radius authenticationShow radius authentication SR-65 Show radius accountingSR-66 Show radius clientShow radius client SR-67 SR-68 Show radius dead-criteriaSR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70SR-71 Field DescriptionSR-72 Show tacacsShow tacacs SR-73 SR-74 Show tacacs server-groupsShow tacacs server-groups SR-75 SR-76 Show task supportedShow task supported Ouni pkg-mgmt pos-dpt ppp SR-77SR-78 Show userUser all SR-79SR-80 SR-81 SR-82 Tacacs-server hostSR-83 SR-84 Tacacs-server keyTacacs-server key key-nameno tacacs-server key SR-85 Specifies a TACACS+ hostSR-86 Tacacs-server timeoutTacacs-server timeout seconds No tacacs-server timeout SR-87 Tacacs source-interfaceSR-88 Aaa group server radiusWrite TaskExecute DebugSR-90 SR-91 TaskgroupSR-92 Creates a task group description in task configuration modeAdds a task ID to a task group SR-93 Timeout login responseSR-94 Enables AAA authentication for loginsSR-95 UsergroupSR-96 Creates a description of a task group during configurationSR-97 UsernameCreates a login password for a user Defines a method list for authenticationAdds a user to a group SR-98SR-99 Users groupSR-100 Given operator privileges