Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Controlling Switch Access with RADIUS
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global
configuration command.
This example shows how to configure one RADIUS server to be used for authentication and another to
be used for accounting:
Switch(config)# radius-server host 172.29.36.49 auth-port 1612 key rad1
Switch(config)# radius-server host 172.20.36.50 acct-port 1618 key rad2
Step    Command / Purpose

Step 1  configure terminal
        Enter global configuration mode.

Step 2  radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string]
        Specify the IP address or host name of the remote RADIUS server host.

        (Optional) For auth-port port-number, specify the UDP destination
        port for authentication requests.

        (Optional) For acct-port port-number, specify the UDP destination
        port for accounting requests.

        (Optional) For timeout seconds, specify the time interval that the
        switch waits for the RADIUS server to reply before resending. The
        range is 1 to 1000. This setting overrides the radius-server timeout
        global configuration command setting. If no timeout is set with the
        radius-server host command, the setting of the radius-server
        timeout command is used.

        (Optional) For retransmit retries, specify the number of times a
        RADIUS request is resent to a server if that server is not responding
        or responding slowly. The range is 1 to 1000. If no retransmit value
        is set with the radius-server host command, the setting of the
        radius-server retransmit global configuration command is used.

        (Optional) For key string, specify the authentication and encryption
        key used between the switch and the RADIUS daemon running on the
        RADIUS server.

        Note    The key is a text string that must match the encryption key used
                on the RADIUS server. Always configure the key as the last item
                in the radius-server host command. Leading spaces are ignored,
                but spaces within and at the end of the key are used. If you use
                spaces in your key, do not enclose the key in quotation marks
                unless the quotation marks are part of the key.

        To configure the switch to recognize more than one host entry associated
        with a single IP address, enter this command as many times as necessary,
        making sure that each UDP port number is different. The switch software
        searches for hosts in the order in which you specify them. Set the timeout,
        retransmit, and encryption key values to use with the specific RADIUS
        host.

Step 3  end
        Return to privileged EXEC mode.

Step 4  show running-config
        Verify your entries.

Step 5  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
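
The rules in Step 2 (key as the last item, significant trailing spaces, quotation marks, the 1 to 1000 ranges, and distinct UDP ports for repeated entries on one host) can be checked before commands are pasted into the switch. The following is an added example, not part of the Cisco guide: the function name, the sample addresses and keys, and the 1-65535 port range are assumptions made for illustration.

```python
import re
# timeout/retransmit ranges are from the table above; the UDP port range
# (1-65535) is a general assumption, not stated on the page.
RANGES = {"auth-port": (1, 65535), "acct-port": (1, 65535),
          "timeout": (1, 1000), "retransmit": (1, 1000)}
OPTION_RE = re.compile(r"\b(auth-port|acct-port|timeout|retransmit)\s+(\S+)")

def lint_radius_hosts(config_text):
    """Return (line_no, message) findings for 'radius-server host' lines."""
    findings, seen = [], {}
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*radius-server host (\S+)(.*)$", line)
        if not m:
            continue
        host, rest = m.groups()
        # Text after the first 'key' keyword is the key; trailing spaces count.
        opts, sep, key = rest.partition(" key ")
        key = key.lstrip(" ")  # leading spaces are ignored by the switch
        values = {}
        for name, raw in OPTION_RE.findall(opts):
            lo, hi = RANGES[name]
            if not raw.isdecimal() or not lo <= int(raw) <= hi:
                findings.append((no, f"{name} {raw} outside {lo}-{hi}"))
            else:
                values[name] = int(raw)
        if sep:
            if OPTION_RE.search(key):
                findings.append((no, "option after key is read as part of the key"))
            if key != key.rstrip():
                findings.append((no, "key ends with spaces, which are significant"))
            if len(key) > 1 and key[0] == key[-1] == '"':
                findings.append((no, "quotation marks become part of the key"))
        ports = (host, values.get("auth-port"), values.get("acct-port"))
        if ports in seen:
            findings.append((no, f"same host and UDP ports as line {seen[ports]}"))
        seen.setdefault(ports, no)
    return findings

# Constructed sample input (addresses and keys are made up for this example).
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1612 acct-port 1613 timeout 5 key k1
radius-server host 192.0.2.10 auth-port 1612 acct-port 1613 key k2
radius-server host 192.0.2.11 key k3 timeout 2000
radius-server host 192.0.2.12 retransmit 0 key "two words"
"""
if __name__ == "__main__":
    for line_no, message in lint_radius_hosts(SAMPLE):
        print(f"line {line_no}: {message}")
```

Ports that are not given on a line are compared as unspecified rather than filled in with a default, since the page does not state the default port numbers.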