Chapter3 Configuring the CSS as a Client of a RADIUS Server
Specifying a Primary RADIUS Server
3-6
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
To add a user to a group, go to the User Setup section of the Cisco Secure ACS
HTML interface:
•On the User Setup Select page, specify a username.
•On the User Setup Edit page, specify the following:
–
Password Authentication - Select an applicable authentication type from
the list.
–
Password - Specify and confirm a password.
–
Group - Select the previously created RADIUS group to which you want
to assign the user.
Specifying a Primary RADIUS ServerTo specify a primary RADIUS server used to authenticate user information from
the CSS RADIUS client (console or virtual authentication), use the radius-server
primary command . The syntax for this global configuration mode command is:
radius-server primary ip_address secret string {auth-port port_number}
Options and variables for this command are as follows:
•primary ip_address - The IP address or host name for the primary RADIUS
server. Enter the address in either dotted-decimal IP notation (for example,
192.168.11.1) or mnemonic host-name format (for example,
myhost.mydomain.com).
•secret string - The shared secret text string between the primary RADIUS
server and the CSS RADIUS client. The shared secret allows authentication
transactions between the client and primary RADIUS server to occur. Enter
the shared secret as a case-sensitive string with no spaces (16 characters
maximum).
•auth-port port_number - (Optional) The UDP port on the primary RADIUS
server allocated to receive authentication packets from the RADIUS client.
Valid entries are 0 to 65535. The default is 1645.
To specify a primary RADIUS server, enter:
(config)# radius-server primary 172.27.56.76 secret Hello auth-port
30658