Chapter 3 Configuring the CSS as a Client of a RADIUS Server


To add a user to a group, go to the User Setup section of the Cisco Secure ACS HTML interface:

On the User Setup Select page, specify a username.

On the User Setup Edit page, specify the following:

Password Authentication - Select an applicable authentication type from the list.

Password - Specify and confirm a password.

Group - Select the previously created RADIUS group to which you want to assign the user.

Specifying a Primary RADIUS Server

To specify a primary RADIUS server used to authenticate user information from the CSS RADIUS client (console or virtual authentication), use the radius-server primary command. The syntax for this global configuration mode command is:

radius-server primary ip_address secret string {auth-port port_number}

Options and variables for this command are as follows:

primary ip_address - The IP address or host name for the primary RADIUS server. Enter the address in either dotted-decimal IP notation (for example, 192.168.11.1) or mnemonic host-name format (for example, myhost.mydomain.com).

secret string - The shared secret text string between the primary RADIUS server and the CSS RADIUS client. The shared secret allows authentication transactions between the client and primary RADIUS server to occur. Enter the shared secret as a case-sensitive string with no spaces (16 characters maximum).

auth-port port_number - (Optional) The UDP port on the primary RADIUS server allocated to receive authentication packets from the RADIUS client. Valid entries are 0 to 65535. The default is 1645.

To specify a primary RADIUS server, enter:

(config)# radius-server primary 172.27.56.76 secret Hello auth-port 30658
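A way to check radius-server primary commands against the limits listed above before they are applied. This is an added example, not part of the Cisco guide; the function name check_primary and the 12-character minimum secret length are assumptions chosen for illustration.

```python
import ipaddress
import re

DEFAULT_AUTH_PORT = 1645  # default stated in the guide
MAX_SECRET_LEN = 16       # maximum stated in the guide
MIN_SECRET_LEN = 12       # assumption: local policy floor, not from the guide

_CMD = re.compile(r"^(?:\(config\)#\s*)?radius-server\s+primary\s+(.+)$")


def check_primary(line):
    """Parse one 'radius-server primary' command.

    Returns (settings, problems). The secret is checked but never returned,
    so results can be logged without exposing it.
    """
    m = _CMD.match(line.strip())
    if not m:
        raise ValueError("not a radius-server primary command")
    tokens = m.group(1).split()
    if len(tokens) < 3 or tokens[1] != "secret":
        raise ValueError("expected: ip_address secret string {auth-port port_number}")
    server, secret, extra = tokens[0], tokens[2], tokens[3:]
    problems = []
    port = DEFAULT_AUTH_PORT
    if len(extra) == 2 and extra[0] == "auth-port" and re.fullmatch(r"[0-9]+", extra[1]):
        port = int(extra[1])
        if port > 65535:
            problems.append("auth-port outside 0 to 65535")
    elif extra:
        # A secret typed with spaces shows up here as stray tokens.
        problems.append("unexpected tokens after secret")
    if len(secret) > MAX_SECRET_LEN:
        problems.append("secret longer than 16 characters")
    elif len(secret) < MIN_SECRET_LEN:
        problems.append("secret shorter than policy minimum")
    kind = "hostname"
    if re.fullmatch(r"[0-9.]+", server):
        kind = "ip"
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append("malformed dotted-decimal address")
    return {"server": server, "kind": kind, "auth_port": port}, problems


# Constructed sample: the guide's own example command on one line.
SAMPLE = "(config)# radius-server primary 172.27.56.76 secret Hello auth-port 30658"

if __name__ == "__main__":
    print(check_primary(SAMPLE))
```

Run against the guide's example command, the check accepts the address and port and reports only that the secret Hello falls below the assumed policy minimum.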

 

Cisco Content Services Switch Security Configuration Guide


OL-5650-02
