Enhancements in Release F.04.08

 

Configuring RADIUS Authentication and Accounting

radius-server retransmit < 1 .. 5 >If a RADIUS server fails to respond to an

 

authentication request, specifies how many

 

retries to attempt before closing the session.

 

(Default: 3; Range: 1 - 5)

Note

Where the switch has multiple RADIUS servers configured to support authentication requests, if the first server fails to respond, then the switch tries the next server in the list, and so-on. If none of the servers respond, then the switch attempts to use the secondary authentication method configured for the type of access being attempted (console, Telnet, or SSH). If this occurs, see “Troubleshooting SSH Operation” on page 101.

For example, suppose that your switch is configured to use three RADIUS servers for authenticating access through Telnet and SSH. Two of these servers use the same encryption key. In this case your plan is to configure the switch with the following global authentication parameters:

Allow only two tries to correctly enter username and password.

Use the global encryption key to support the two servers that use the same key. (For this example, assume that you did not configure these two servers with a server-specific key.)

Use a dead-time of five minutes for a server that fails to respond to an authentication request.

Allow three seconds for request timeouts.Allow two retries following a request that did not receive a response.Figure 45. Example of Global Configuration Exercise for RADIUS Authentication

112