7-21
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Controlling Switch Access with RADIUS
You identify RADIUS security servers by their host name or IP address, host name and specific UDP
port numbers, or their IP address and specific UDP port numbers. The combination of the IP address and
the UDP port number creates a unique identifier, allowing different ports to be individually defined as
RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be
sent to multiple UDP ports on a server at the same IP address.
If two different host entries on the same RADIUS server are configured for the same service (for
example, accounting), the second host entry configured acts as a fail-over backup to the first one. Using
this example, if the first host entry fails to provide accounting services, the switch tries the second host
entry configured on the same device for accounting services. (The RADIUS host entries are tried in the
order that they are configured.)
A RADIUS server and the switch use a shared secret text string to encrypt passwords and exchange
responses. To configure RADIUS to use the AAA security commands, you must specify the host running
the RADIUS server daemon and a secret text (key) string that it shares with the switch.
The timeout, retransmission, and encryption key values can be configured globally for all RADIUS
servers, on a per-server basis, or in some combination of global and per-server settings. To apply these
settings globally to all RADIUS servers communicating with the switch, use the three unique global
configuration commands: radius-server timeout, radius-server retransmit, and radius-server key.
To apply these values on a specific RADIUS server, use the radius-server host global configuration
command.
Note: If you configure both global and per-server functions (timeout, retransmission, and key
commands) on the switch, the per-server timer, retransmission, and key value commands
override global timer, retransmission, and key value commands. For information on
configuring these settings on all RADIUS servers, see the "Configuring Settings for All
RADIUS Servers" section on page 7-29.
You can configure the switch to use AAA server groups to group existing server hosts for authentication.
For more information, see the "Defining AAA Server Groups" section on page 7-25.
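The precedence and ordering rules above, as an added example (not part of the Cisco guide): a Python audit helper that reads radius-server lines from a saved configuration and reports, for each host entry in configured order, the effective timeout, retransmit and key values and whether each came from the per-server or the global command. The sample configuration, addresses, placeholder keys, function names and default port numbers are assumptions made for illustration.

```python
# Constructed sample: documentation-range addresses, placeholder keys.
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 timeout 10 key SRV-A-PLACEHOLDER
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646
radius-server host 192.0.2.20 retransmit 1
radius-server timeout 5
radius-server retransmit 3
radius-server key GLOBAL-PLACEHOLDER
"""
SETTINGS = ("timeout", "retransmit", "key")
# Assumed default ports when a host line gives none (not stated on this page).
DEFAULT_AUTH, DEFAULT_ACCT = 1812, 1813

def parse_opts(words):
    """Read 'name value' pairs; everything after 'key' is the key string."""
    opts, i = {}, 0
    while i + 1 < len(words):
        if words[i] == "key":
            opts["key"] = " ".join(words[i + 1:])
            break
        opts[words[i]] = words[i + 1]
        i += 2
    return opts

def effective_servers(config):
    """Host entries in configured (fail-over) order; per-server values override global."""
    glob, hosts = {}, []
    for line in config.splitlines():
        w = line.split()
        if len(w) < 3 or w[0] != "radius-server":
            continue
        if w[1] in SETTINGS:
            glob[w[1]] = " ".join(w[2:])
        elif w[1] == "host":
            hosts.append((w[2], parse_opts(w[3:])))
    servers = []
    for host, opts in hosts:
        # An entry is identified by address plus UDP ports, not by address alone.
        entry = {"id": (host, int(opts.get("auth-port", DEFAULT_AUTH)),
                        int(opts.get("acct-port", DEFAULT_ACCT)))}
        for name in SETTINGS:
            entry[name] = opts.get(name, glob.get(name))
            entry[name + "_from"] = ("per-server" if name in opts
                                     else "global" if name in glob else "unset")
        servers.append(entry)
    return servers

def missing_key(servers):
    """Identifiers of entries with neither a per-server nor a global key."""
    return [s["id"] for s in servers if s["key"] is None]
```

Running effective_servers over a saved configuration and checking missing_key shows which host entries would have no shared secret at all, and which entries silently inherit the global key.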
Beginning in privileged EXEC mode, follow these steps to configure per-server RADIUS server
communication. This procedure is required.