Chapter3 Configuring the CSS as a Client of a RADIUS Server
3-2
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
In a configuration where both a primary RADIUS server and a secondary
RADIUS server are specified, and one or both of the RADIUS servers become
unreachable, the CSS automatically transmits a keepalive authentication request
to query the server(s). The CSS transmits the username “query” and the password
“areyouup” to the RADIUS server (encrypted with the RADIUS server’s key) to
determine the server’s state. The CSS continues to send this keepalive
authentication request until the RADIUS server indicates it is available.
Use the radius-server command and its options to specify the RADIUS server
host (primary RADIUS server, and, optionally, a secondary RADIUS server),
communication time interval settings, and a shared secret text string. This
command is available in global configuration mode.
This chapter contains the following major sections:
•RADIUS Configuration Quick Start
•Configuring a RADIUS Server for Use with the CSS
•Specifying a Primary RADIUS Server
•Specifying a Secondary RADIUS Server
•Configuring the RADIUS Server Timeouts
•Configuring the RADIUS Server Retransmits
•Configuring the RADIUS Server Dead-Time
•Showing RADIUS Server Configuration Information
After configuring the RADIUS server, enable RADIUS authentication for console
and virtual logins (if the username and password pair is not in the local user
database) through the virtual authentication and console authentication
commands. Refer to Chapter 1, Controlling CSS Access for details on the two
commands.