Authenticating Users
Summit 300-48 Switch Software User Guide 43
Authenticating Users ExtremeWare provides a Radius client to authenticate switch admin users who login to the switch:
RADIUS Client
Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation
allows authentication for Telnet or console access to the switch.
You can define a primary and secondary RADIUS server for the switch to contact. When a user
attempts to login using Telnet, http, or the console, the request is relayed to the primary RADIUS server,
and then to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is
enabled, but access to the RADIUS primary an secondary server fails, the switch uses its local database
for authentication.
The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence
over the configuration in the local switch database.
Configuring RADIUS Client
You can define primary and secondary server communication information, and for each RADIUS server,
the RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The
client IP address is the IP address used by the RADIUS server for communicating back to the switch.
RADIUS commands are described in Table11.
Table 1 1: RADIUS Commands
Command Description
config radius [primary | secondary] server
[<ipaddress> | <hostname>] {<udp_port>} client-ip
<ipaddress>
Configures the primary and secondary
RADIUS server. Specify the following:
•[primary | secondary] —
Configure either the primary or
secondary RADIUS server.
•[<ipaddress> | <hostname>] —
The IP address or hostname of the
server being configured.
•<udp_port> — The UDP port to use
to contact the RADUIS server. The
default UDP port setting is 1645.
•client-ip <ipaddress> — The IP
address used by the switch to identify
itself when communicating with the
RADIUS server.
The RADIUS server defined by this
command is used for user name
authentication and CLI command
authentication.
config radius [primary | secondary] shared-secret
{encrypted} <string> Configures the authentication string used
to communicate with the RADIUS server.