set radius

Parameters

enable disable

Enables or disables the RADIUS client.

retries number‐of‐

Specifies the number of retry attempts before the RADIUS server times out.

retries

Valid values are from 0 to 10. Default is 3.

 

 

timeout timeout

Specifies the maximum amount of time (in seconds) to establish contact

 

with the RADIUS server before retry attempts begin. Valid values are from 1

 

to 30. Default is 20 seconds.

 

 

server index

Specifies the index number, IP address and the UDP authentication port for

ip_address port

the RADIUS server.

 

 

secret‐value

(Optional) Specifies an encryption key to be used for authentication

 

between the RADIUS client and server.

realm management‐ access any network‐access

Realm allows you to define who has to go through the RADIUS server for authentication.

management‐access: This means that anyone trying to access the switch (Telnet, SSH, Local Management) has to authenticate through the RADIUS server.

network‐access: This means that all the users have to authenticate to a RADIUS server before they are allowed access to the network.

any: Means that both management‐access and network‐access have been enabled.

Note: If the management-accessor any access realm has been configured, the local “admin” account is disabled for access to the switch using the console, Telnet, or Local Management. Only the network-accessrealm allows access to the local “admin” account.

index all

Applies the realm setting to a specific server or to all servers.

Defaults

If secret‐value is not specified, none will be applied.

If realm is not specified, the any access realm will be used.

Mode

Switch command, read‐write.

Usage

The SecureStack C3 device allows up to 10 RADIUS servers to be configured, with up to two servers active at any given time.

The RADIUS client can only be enabled on the switch once a RADIUS server is online, and its IP address(es) has been configured with the same password the RADIUS client will use.

Examples

This example shows how to enable the RADIUS client for authenticating with RADIUS server 1 at IP address 192.168.6.203, UDP authentication port 1812, and an authentication password of “pwsecret.” As previously noted, the “server secret” password entered here must match that already configured as the Read‐Write (rw) password on the RADIUS server:

C3(su)->set radius server 1 192.168.6.203 1812 pwsecret

26-8 Authentication and Authorization Configuration

Page 754
Image 754
Enterasys Networks 9034313-07 manual Timeout timeout, Server index, Realm management‐ access any network‐access