Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

1. Configure the Switch To Access a RADIUS Server

Before you configure the actual accounting parameters, you should first configure the switch to use a RADIUS server. This is the same as the process described on page 109. You need to repeat this step here only if you have not yet configured the switch to use a RADIUS server, your server data has changed, or you need to specify a non-default UDP destination port for accounting requests. Note that switch operation expects a RADIUS server to accommodate both authentication and accounting.

Syntax: [no] radius-server host < ip-address>

Adds a server to the RADIUS configuration or

 

(with no) deletes a server from the configuration.

[acct-port < port-number>]

Optional. Changes the UDP destination port

 

for accounting requests to the specified RADIUS

 

server. If you do not use this option, the switch

 

automatically assigns the default accounting

 

port number. (Default: 1813)

[key < key-string >]

Optional. Specifies an encryption key for use

 

during accounting or authentication sessions

 

with the specified server. This key must match

 

the encryption key used on the RADIUS server.

 

Use this command only if the specified server

 

requires a different encryption key than

 

configured for the global encryption key.

(For a more complete description of the radius-servercommand and its options, turn to page 109.)

For example, suppose you want to the switch to use the RADIUS server described below for both authentication and accounting purposes.

IP address: 10.33.18.151

A non-default UDP port number of 1750 for accounting.

For this example, assume that all other RADIUS authentication parameters for accessing this server are acceptable at their default settings, and that RADIUS is already configured as an authentication method for one or more types of access to the switch (Telnet, Console, etc.).

118