Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

Outline of the Steps for Configuring RADIUS Accounting

1. Configure the switch for accessing a RADIUS server.

You can configure a list of up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. (Refer to the documentation for your RADIUS server application.)

Use the same radius-server host command that you would use to configure RADIUS authentication. Refer to “2. Configure the Switch To Access a RADIUS Server” on page 109.

Provide the following:

A RADIUS server IP address.

Optional—a UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).

Optional—if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. For more information, refer to the "[key <key-string>]" parameter on page 109. (Default: null)

2. Configure the types of accounting you want the switch to perform, and the controls for sending accounting reports from the switch to the RADIUS server(s).

Accounting types: exec (page 115), network (page 115), or system (page 116)

Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop

3. (Optional) Configure session blocking and interim updating options.

Updating: Periodically update the accounting data for sessions-in-progress

Suppress accounting: Block the accounting session for any unknown user with no username who accesses the switch
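One way to check a saved switch configuration against the three steps above. This is an added example, not part of the original manual. The `aaa accounting ...` and `radius-server key` command forms, the addresses, and the key string are assumptions and constructed values, so verify the syntax against the pages the outline cites.

```python
import re

# Constructed running-config excerpt; addresses and key are placeholders.
SAMPLE_CONFIG = """\
radius-server host 192.0.2.10 key EXAMPLE-KEY
radius-server host 192.0.2.11
aaa accounting exec start-stop radius
aaa accounting system stop-only radius
aaa accounting update periodic 10
"""

MAX_SERVERS = 3  # one primary, two backup


def audit_radius_accounting(config):
    """Return notes on which of the three outlined steps look incomplete."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    text = "\n".join(lines)
    notes = []

    # Step 1: server list and encryption keys (assumed command forms).
    hosts = [ln.split() for ln in lines if ln.startswith("radius-server host ")]
    has_global_key = any(ln.startswith("radius-server key ") for ln in lines)
    if not hosts:
        notes.append("step 1: no RADIUS server configured")
    if len(hosts) > MAX_SERVERS:
        notes.append(f"step 1: {len(hosts)} servers listed, limit is {MAX_SERVERS}")
    for tokens in hosts:
        if "key" not in tokens[3:] and not has_global_key:
            notes.append(f"step 1: {tokens[2]} has no server-specific or global key")

    # Step 2: accounting types and their reporting trigger.
    enabled = dict(re.findall(
        r"^aaa accounting (exec|network|system) (start-stop|stop-only) radius$",
        text, re.M))
    for kind in ("exec", "network", "system"):
        if kind not in enabled:
            notes.append(f"step 2: {kind} accounting not enabled")

    # Step 3: optional interim updates and null-username suppression.
    if not re.search(r"^aaa accounting update periodic \d+$", text, re.M):
        notes.append("step 3: no periodic updates for sessions in progress")
    if "aaa accounting suppress null-username" not in lines:
        notes.append("step 3: sessions with no username are not suppressed")
    return notes


if __name__ == "__main__":
    for note in audit_radius_accounting(SAMPLE_CONFIG):
        print(note)
```

The step 2 and step 3 notes are informational, since the outline leaves the choice of accounting types and the step 3 options to the administrator.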
