9-28
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port
numbers, or IP address and specific UDP port numbers. The combination of the IP add ress and UDP port
number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on
a server at the same IP address. If two different host entries on the sa me RADIUS s er ver are configured
for the same service—for example, authentication—the second host entry configured acts a s the fail-o ver
backup to the first one. The RADIUS host entries are tried in the order that they were configured.
Beginning in privileged EXEC mode, follow these steps to conf igur e the RADIUS s erv er par ameter s on
the switch. This procedure is required.
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
This example shows how to specify the server with IP address 172.20.39.46 as the R ADI US server, to
use port 1612 as the authorization port, and to set the en cryption key to rad123, matching the key on the
RADIUS server:
Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands. For more information, see the “Configuring Settings
for All RADIUS Servers” section on page7-29.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 radius-server host {hostname |
ip-address} auth-port port-number key
string
Configure the RADIUS server parameters.
For hostname | ip-address, specify the hostname or IP address of the
remote RADIUS server.
For auth-port port-number, specify the UDP destination port for
authentication requests. The default is 1812. The range is 0 to 65536.
For key string, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key used on
the RADIUS server.
Note Always configure the key as the last item in the radius-server
host command syntax because leading spaces are ignored, but
spaces within and at the end of the key are used. If you u se sp aces
in the key, do not enclose the key in quotation marks unless the
quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
If you want to use multiple RADIUS servers, re-enter this command.
Step3 end Return to privileged EXEC mode.
Step4 show running-config Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.