Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

radius-server host

radius-server host

To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.

radius-server host {hostname ip-address}[auth-portport-number][acct-portport-number]

[timeout seconds] [retransmit retries] [key string]

 

 

no radius-server host {hostname ip-address}[auth-port port-number][acct-port port-number]

 

 

 

 

Syntax Description

 

hostname

Domain Name System (DNS) name of the RADIUS server host.

 

 

 

 

 

 

ip-address

IP address of the RADIUS server host.

 

 

 

 

 

 

auth-portport-number

(Optional) Specifies the User Datagram Protocol (UDP) destination port for

 

 

 

authentication requests; the host is not used for authentication if set to 0. If

 

 

 

unspecified, the port number defaults to 1645.

 

 

 

 

 

 

acct-portport-number

(Optional) Specifies the UDP destination port for accounting requests; the

 

 

 

host is not used for accounting if set to 0. If unspecified, the port number

 

 

 

defaults to 1646.

 

 

 

 

 

 

timeout seconds

(Optional) The time interval (in seconds) that the router waits for the

 

 

 

RADIUS server to reply before retransmitting. This setting overrides the

 

 

 

global value of the radius-server timeout command. If no timeout value is

 

 

 

specified, the global value is used. Enter a value in the range from 1 to 1000.

 

 

 

Default is 5.

 

 

 

 

 

 

retransmit retries

(Optional) The number of times a RADIUS request is re-sent to a server, if

 

 

 

that server is not responding or responding slowly. This setting overrides the

 

 

 

global setting of the radius-server retransmit command. If no retransmit

 

 

 

value is specified, the global value is used. Enter a value in the range from 1

 

 

 

to 100. Default is 3.

 

 

 

 

 

 

key string

(Optional) Specifies the authentication and encryption key used between the

 

 

 

router and the RADIUS server. This key overrides the global setting of the

 

 

 

radius-server key command. If no key string is specified, the global value

 

 

 

is used.

 

 

 

The key is a text string that must match the encryption key used on the

 

 

 

RADIUS server. Always configure the key as the last item in the

 

 

 

radius-server host command syntax. This is because the leading spaces are

 

 

 

ignored, but spaces within and at the end of the key are used. If you use

 

 

 

spaces in the key, do not enclose the key in quotation marks unless the

 

 

 

quotation marks themselves are part of the key.

 

 

 

 

 

No RADIUS host is specified; use global radius-servercommand values.

Defaults

 

 

 

 

 

Command Modes

 

Global configuration

 

Cisco IOS XR System Security Command Reference

SR-41

Page 41
Image 41
Cisco Systems XR manual Radius-server host, Timeout seconds, Retransmit retries, SR-41