12-12
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 12 Configuring Web-Based Authentication
Configuring Web-Based Authentication
To configure the RADIUS server parameters, perform this task:
When you configure the RADIUS server parameters:
Specify the key string on a separate command line.
For key string, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
When you specify the key string, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using with the radius-server host global configuration command. If you want to
configure these options on a per-server basis, use the radius-server timeout, radius-server
retransmit, and the radius-server key global configuration commands. For more information, see
the
Cisco IOS Security Configuration Guide, Release 12.2 and the
Cisco IOS Security Command Reference, Release 12.2 at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
Note You need to configure some settings on the RADIUS server, including: the switch IP address, the key
string to be shared by both the server and the switch, and the downloadable ACL (DACL). For more
information, see the RADIUS server documentation.
Command Purpose
Step 1 ip radius source-interface interface_name Specify that the RADIUS packets have the IP address of
the indicated interface.
Step 2 radius-server host {hostname | ip-address} test
username username Specify the host name or IP address of the remote
RADIUS server.
The test username username option enables automated
testing of the RADIUS server connection. The specified
username does not need to be a valid user name.
The key option specifies an authentication and encryption
key to use between the switch and the RADIUS server.
To use multiple RADIUS servers, reenter this command
for each server.
Step 3 radius-server key string Configure the authorization and encryption key used
between the switch and the RADIUS daemon running on
the RADIUS server.
Step 4 radius-server vsa send authentication Enable downloading of an ACL from the RADIUS server.
This feature is supported in
Cisco IOS Release 12.2(50)SG.
Step 5 radius-server dead-criteria tries num-tries Specify the number of unanswered sent messages to a
RADIUS server before considering the server to be
inactive. The range of num-tries is 1 to 100.