Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Controlling Switch Access with RADIUS
Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate
a particular RADIUS server with it:
        Command / Purpose

Step 1  configure terminal

        Enter global configuration mode.

Step 2  radius-server host {hostname | ip-address} [auth-port port-number]
        [acct-port port-number] [timeout seconds] [retransmit retries] [key string]

        Specify the IP address or host name of the remote RADIUS server host.

        (Optional) For auth-port port-number, specify the UDP destination
        port for authentication requests.

        (Optional) For acct-port port-number, specify the UDP destination
        port for accounting requests.

        (Optional) For timeout seconds, specify the time interval that the
        switch waits for the RADIUS server to reply before resending. The
        range is 1 to 1000. This setting overrides the radius-server timeout
        global configuration command setting. If no timeout is set with the
        radius-server host command, the setting of the radius-server
        timeout command is used.

        (Optional) For retransmit retries, specify the number of times a
        RADIUS request is resent to a server if that server is not responding
        or responding slowly. The range is 1 to 1000. If no retransmit value
        is set with the radius-server host command, the setting of the
        radius-server retransmit global configuration command is used.

        (Optional) For key string, specify the authentication and encryption
        key used between the switch and the RADIUS daemon running on the
        RADIUS server.

        Note  The key is a text string that must match the encryption key used
              on the RADIUS server. Always configure the key as the last item
              in the radius-server host command. Leading spaces are ignored,
              but spaces within and at the end of the key are used. If you use
              spaces in your key, do not enclose the key in quotation marks
              unless the quotation marks are part of the key.

        To configure the switch to recognize more than one host entry associated
        with a single IP address, enter this command as many times as necessary,
        making sure that each UDP port number is different. The switch software
        searches for hosts in the order in which you specify them. Set the timeout,
        retransmit, and encryption key values to use with the specific RADIUS
        host.

Step 3  aaa new-model

        Enable AAA.

Step 4  aaa group server radius group-name

        Define the AAA server-group with a group name.
        This command puts the switch in a server group configuration mode.

Step 5  server ip-address

        Associate a particular RADIUS server with the defined server group.
        Repeat this step for each RADIUS server in the AAA server group.
        Each server in the group must be previously defined in Step 2.

Step 6  end

        Return to privileged EXEC mode.

Step 7  show running-config

        Verify your entries.
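
The following is an added example, not part of the Cisco guide: a small Python check that lints a candidate configuration snippet against the rules stated in Steps 2 through 5 before it is entered on the switch. The addresses, ports, keys, and group name in the sample are constructed placeholders, and the function name audit is hypothetical.

```python
OPTS = ("auth-port", "acct-port", "timeout", "retransmit")

# Constructed sample input; addresses, ports, keys and group name are placeholders.
SAMPLE = (
    "aaa new-model\n"
    "aaa group server radius group1\n"
    " server 192.0.2.10\n"
    " server 192.0.2.99\n"
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key lab-key-1\n"
    "radius-server host 192.0.2.10 auth-port 1812 acct-port 1646 key lab-key-2 \n"
    "radius-server host 192.0.2.11 retransmit 2000 key lab-key-3 timeout 5\n"
)

def audit(config):
    findings, hosts, seen, refs, group = [], set(), set(), [], None
    lines = config.splitlines()
    if "aaa new-model" not in (l.strip() for l in lines):
        findings.append("aaa new-model missing (Step 3)")
    for line in lines:
        if line.startswith("radius-server host "):
            group = None
            # Text after the first " key " is the key, trailing spaces included.
            head, sep, key = line[len("radius-server host "):].partition(" key ")
            tok = head.split()
            host, opt = tok[0], dict(zip(tok[1::2], tok[2::2]))
            hosts.add(host)
            for p in ("auth-port", "acct-port"):
                if (host, p, opt.get(p)) in seen:
                    findings.append(f"{host}: {p} repeated for the same host")
                seen.add((host, p, opt.get(p)))
            for p in ("timeout", "retransmit"):
                if p in opt and not (opt[p].isdigit() and 1 <= int(opt[p]) <= 1000):
                    findings.append(f"{host}: {p} outside 1-1000")
            # Heuristic: an option keyword inside the key means the key was not last.
            if sep and any(w in OPTS for w in key.split()):
                findings.append(f"{host}: key is not the last item")
            if sep and key != key.rstrip():
                findings.append(f"{host}: key has trailing spaces")
        elif line.startswith("aaa group server radius "):
            group = line.split()[4]
        elif group and line.startswith(" server "):
            refs.append((group, line.split()[1]))
        elif not line.startswith(" "):
            group = None
    # Step 5: every server in a group must be defined by a radius-server host entry.
    findings += [f"group {g}: {ip} not defined in Step 2" for g, ip in refs if ip not in hosts]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The findings never echo the key itself, so the output can be kept in change records without exposing the shared secret.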