Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

2. Configure the Switch To Access a RADIUS Server

This section describes how to configure the switch to interact with a RADIUS server for both authentication and accounting services. (If you want to configure RADIUS accounting on the switch, go to “Configuring RADIUS Accounting” on page 114 instead of continuing here.)

Syntax: [no] radius-server host < ip-address>

Adds a server to the RADIUS configuration or

 

(with no) deletes a server from the configura-

 

tion. You can configure up to three RADIUS

 

server addresses. The switch uses the first

 

server it successfully accesses. (Refer to

 

"Changing the RADIUS Server Access Order"

 

on page 126.)

[auth-port < port-number>]

Optional. Changes the UDP destination

 

port for authentication requests to the

 

specified RADIUS server (host). If you do not

 

use this option with the radius-server host

 

command, the switch automatically assigns

 

the default authentication port number. The

 

auth-portnumber must match its server

 

counterpart. (Default: 1812)

[acct-port < port-number>]

Optional. Changes the UDP destination

 

port for accounting requests to the specified

 

RADIUS server. If you do not use this option

 

with the radius-server host command, the

 

switch automatically assigns the default

 

accounting port number. The acct-portnum-

 

ber must match its server counterpart.

 

(Default: 1813)

[key < key-string >]

Optional. Specifies an encryption key for use

 

during authentication (or accounting)

 

sessions with the specified server. This key

 

must match the encryption key used on the

 

RADIUS server. Use this command only if the

 

specified server requires a different

 

encryption key than configured for the global

 

encryption key.

no radius-server host < ip-address> key

Use the no form of the command to remove

 

the key for a specified server.

109