Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

Symptom: An attempt to copy a client public-key file into the switch has failed and the switch lists one of the following messages:

Download failed: overlength key in key file.

Download failed: too many keys in key file.

Download failed: one or more keys is not a valid RSA public key.

Possible Cause: The public key file you are trying to download has one of the following problems:

A key in the file is too long. The maximum key length is 1024 characters, including spaces. This could also mean that two or more keys are merged together instead of being separated by a <CR><LF>.

There are more than ten public keys in the key file.

One or more keys in the file is corrupted or is not a valid RSA public key.

Symptom: Client ceases to respond ("hangs") during connection phase.

Possible Cause: The switch does not support data compression in an SSH session. Clients will often have compression turned on by default, but will disable it during the negotiation phase. A client which does not recognize the compression-request FAILURE response may fail when attempting to connect.

Ensure that compression is turned off before attempting a connection to prevent this problem.
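The key-file limits given above (1024 characters per key including spaces, ten keys per file, keys separated by <CR><LF>) can be checked before the file is copied to the switch. The following Python pre-check is an added example, not part of the original manual or the switch software; the function name check_key_file and the sample data are assumptions, and it does not test RSA validity because this page does not describe the key format.

```python
# Added example: pre-check a client public-key file against the limits in
# the troubleshooting table before copying it to the switch.
MAX_KEY_CHARS = 1024   # per key, spaces included (limit stated in the table)
MAX_KEYS = 10          # keys per file (limit stated in the table)


def check_key_file(data: bytes) -> list:
    """Return a list of problems found; an empty list means the file passes."""
    problems = []
    text = data.decode("ascii", errors="replace")

    # Keys must be separated by <CR><LF>. Any CR or LF left over after
    # removing the CRLF pairs means some keys use another separator and
    # would be treated as merged on one line.
    leftover = text.replace("\r\n", "")
    if "\n" in leftover or "\r" in leftover:
        problems.append("line endings: keys are not all separated by <CR><LF>")

    # Split the way the table describes: one key per CRLF-terminated line.
    keys = [k for k in text.split("\r\n") if k.strip()]
    if len(keys) > MAX_KEYS:
        problems.append(f"too many keys: {len(keys)} (limit {MAX_KEYS})")

    for n, key in enumerate(keys, start=1):
        if len(key) > MAX_KEY_CHARS:
            problems.append(
                f"key {n} overlength: {len(key)} characters "
                f"(limit {MAX_KEY_CHARS}); check for merged keys")
    return problems


if __name__ == "__main__":
    # Constructed samples: placeholder strings stand in for real key text.
    good = b"\r\n".join(b"placeholder-key-%d user%d@host" % (i, i)
                        for i in range(3)) + b"\r\n"
    merged = b"A" * 700 + b"\n" + b"B" * 700 + b"\r\n"  # LF instead of CRLF
    for name, blob in (("good", good), ("merged", merged)):
        print(name, check_key_file(blob) or "OK")
```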

Configuring RADIUS Authentication and Accounting

Feature                              Default   Menu   CLI        Web

Configuring RADIUS Authentication    None      n/a    page 105   n/a

Configuring RADIUS Accounting        None      n/a    page 114   n/a

Viewing RADIUS Statistics            n/a       n/a    page 121   n/a

RADIUS (Remote Authentication Dial-In User Service) enables you to use up to three servers (one primary server and one or two backups) and maintain separate authentication and accounting for each RADIUS server employed. For authentication, this allows a different password for each user instead of having to rely on maintaining and distributing switch-specific passwords to all users. For accounting, this can help you track network resource usage.

Authentication. You can use RADIUS to verify user identity for the following types of primary password access to the Series 2500 switches:

Serial port (Console)

Telnet

SSH

Port-Access
