3-7
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
Chapter3 Configuring the CSS as a Client of a RADIUS Server
Specifying a Secondary RADIUS Server
To remove a primary RADIUS server, enter:
(config)# no radius-server primary
Specifying a Secondary RADIUS ServerThe CSS directs authentication requests to the secondary RADIUS server when
the specified RADIUS primary server is unavailable. To specify a secondary
RADIUS server to authenticate user information from the CSS RADIUS client
(console or virtual authentication), use the radius-server secondary command.
Note Configuration of a secondary RADIUS server is optional.
The syntax for this global configuration mode command is:
radius-server secondary ip_address secret string {auth-port
port_number}
Options and variables for this command are as follows:
•secondary ip_address - The IP address or host name for the secondary
RADIUS server. Enter the address in either dotted-decimal IP notation (for
example, 192.168.11.1) or mnemonic host-name format (for example,
myhost.mydomain.com).
•secret string - The shared secret text string between the secondary RADIUS
server and the CSS RADIUS client. The shared secret allows authentication
transactions between the client and secondary RADIUS server to occur. Enter
the shared secret as a case-sensitive string with no spaces (16 characters
maximum).
•auth-port port_number - (Optional) The UDP port on the primary RADIUS
server allocated to receive authentication packets from the RADIUS client.
Valid entries are 0 to 65535. The default is 1645.
To specify a secondary RADIUS server, enter:
(config) radius-server secondary 172.27.56.79 secret Hello auth-port
30658
To remove a secondary RADIUS server, enter:
(config)# no radius-server secondary