7-29
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Controlling Switch Access with RADIUS

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings between the switch and all RADIUS servers:

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | radius-server key string | Specify the shared secret text string used between the switch and all RADIUS servers. Note: The key is a text string that must match the encryption key used on the RADIUS server. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key. |
| Step 3 | radius-server retransmit retries | Specify the number of times the switch sends each RADIUS request to the server before giving up. The default is 3; the range is 1 to 1000. |
| Step 4 | radius-server timeout seconds | Specify the number of seconds a switch waits for a reply to a RADIUS request before resending the request. The default is 5 seconds; the range is 1 to 1000. |
| Step 5 | radius-server deadtime minutes | Specify the number of minutes that a RADIUS server that is not responding to authentication requests is skipped, thus avoiding the wait for the request to time out before trying the next configured server. The default is 0; the range is 1 to 1440 minutes. |
| Step 6 | end | Return to privileged EXEC mode. |
| Step 7 | show running-config | Verify your settings. |
| Step 8 | copy running-config startup-config | (Optional) Save your entries in the configuration file. |

To return to the default setting for the retransmit, timeout, and deadtime, use the no forms of these commands.

Configuring the Switch to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the switch and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use. The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco's vendor-ID is 9, and the supported option has vendor-type 1, which is named cisco-avpair. The value is a string with this format:

    protocol : attribute sep value *

Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and * for optional attributes. This allows the full set of features available for TACACS+ authorization to also be used for RADIUS.
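
The attribute-26 encoding and the cisco-avpair string format from the section on vendor-specific RADIUS attributes, shown as an added Python example (not Cisco's code and not part of the original guide). The byte layout (type, length, 4-byte vendor-ID, vendor-type, vendor-length, string) follows RFC 2865; the function names and the sample AV pair are assumptions made for illustration.

```python
import struct

VSA_TYPE = 26            # RADIUS Vendor-Specific attribute
CISCO_VENDOR_ID = 9      # Cisco's vendor-ID, as stated in the text
CISCO_AVPAIR_TYPE = 1    # vendor-type 1, named cisco-avpair
SAMPLE_AVPAIR = "shell:priv-lvl=15"   # constructed sample, not from the guide

def parse_avpair(text):
    """Split 'protocol:attribute<sep>value', where sep is '=' or '*'."""
    protocol, colon, rest = text.partition(":")
    if not colon or not protocol:
        raise ValueError("missing protocol prefix")
    # The first '=' or '*' is the separator; later ones belong to the value.
    idx = min((i for i in (rest.find("="), rest.find("*")) if i != -1), default=-1)
    if idx <= 0:
        raise ValueError("missing attribute or separator")
    return {"protocol": protocol, "attribute": rest[:idx],
            "mandatory": rest[idx] == "=", "value": rest[idx + 1:]}

def encode_cisco_avpair(text):
    """Build the attribute-26 bytes that carry one cisco-avpair string."""
    data = text.encode("ascii")
    if len(data) > 247:  # 255 - 2 (attribute header) - 4 (vendor-ID) - 2 (sub-header)
        raise ValueError("AV pair too long for a single attribute")
    sub = struct.pack("!BB", CISCO_AVPAIR_TYPE, len(data) + 2) + data
    return struct.pack("!BBI", VSA_TYPE, len(sub) + 6, CISCO_VENDOR_ID) + sub

def decode_cisco_avpair(attr):
    """Check every length and identifier field before trusting the payload."""
    if len(attr) < 8:
        raise ValueError("truncated attribute")
    a_type, a_len, vendor = struct.unpack("!BBI", attr[:6])
    if a_type != VSA_TYPE or a_len != len(attr):
        raise ValueError("not a well-formed attribute 26")
    if vendor != CISCO_VENDOR_ID:
        raise ValueError("vendor-ID is not 9 (Cisco)")
    v_type, v_len = attr[6], attr[7]
    if v_type != CISCO_AVPAIR_TYPE or v_len != a_len - 6:
        raise ValueError("not a well-formed cisco-avpair sub-attribute")
    return parse_avpair(attr[8:].decode("ascii"))

if __name__ == "__main__":
    wire = encode_cisco_avpair(SAMPLE_AVPAIR)
    print(wire.hex(), decode_cisco_avpair(wire))
```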