attributes containing configuration information. If the server rejects the user, it returns a negative result. If the server rejects the client or the shared “secrets” differ, the server returns no result. If the server requires additional verification from the user, it returns a challenge, and the request process begins again.
If you use a RADIUS server to authenticate users, you must configure user attributes in the user database on the RADIUS server. The user attributes include the user name, password, and privilege level.
NOTE: To set the privilege level, use the
The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a user (name: admin) to log on to the switch with read/write privileges, which is equivalent to privilege level 15.
admin | Local, | |
| ||
| ||
enable | ||
| ||
|
The values for the
•
•
RADIUS Configuration Examples
This section contains examples of commands used to configure RADIUS settings on the switch.
Example #1: Basic RADIUS Server Configuration
This example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2, respectively. The server at 10.10.10.10 is configured as the primary server. The process creates a new authentication list, called radiusList, which uses RADIUS as the primary authentication method and local authentication as a backup method in the event that the RADIUS server cannot be contacted.
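The following Python sketch is an added example, not part of the switch documentation. It shows how a RADIUS client can tell apart the server outcomes described earlier in this section by checking the RFC 2865 Response Authenticator against the shared secret, and it falls back to the local method only when no usable reply arrives, as radiusList does. The function names and packet values are assumptions constructed for illustration; secret1 and secret2 are the example secrets from the text.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865)
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
OUTCOMES = {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject",
            ACCESS_CHALLENGE: "challenge"}

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: build a reply bound to the request and the shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def classify(reply, ident, request_auth, secret):
    """Switch side: map a server reply (or None on timeout) to an outcome."""
    if reply is None:
        return "fallback-local"   # no result at all: try the next method in the list
    if len(reply) < 20:
        return "discard"
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):  # stricter than the RFC: no padding
        return "discard"
    expected = response_authenticator(code, rid, reply[20:], request_auth, secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return "discard"          # not computed with our shared secret
    return OUTCOMES.get(code, "discard")

def demo():
    """Run constructed replies through classify(); all values are made up."""
    req_auth = bytes(range(16))                  # constructed Request Authenticator
    msg = b"hello"                               # constructed Reply-Message text
    attrs = bytes([18, 2 + len(msg)]) + msg      # attribute type 18 = Reply-Message
    accept = build_response(ACCESS_ACCEPT, 7, attrs, req_auth, b"secret1")
    reject = build_response(ACCESS_REJECT, 7, b"", req_auth, b"secret1")
    return [classify(accept, 7, req_auth, b"secret1"),
            classify(reject, 7, req_auth, b"secret1"),
            classify(accept, 7, req_auth, b"secret2"),   # secrets differ
            classify(None, 7, req_auth, b"secret1")]     # server unreachable

if __name__ == "__main__":
    print(demo())
```

A verified reject is a final answer and does not trigger the local method. A reply that fails the authenticator check is dropped, so the client keeps waiting until its timeout expires.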