RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

Outline of the Steps for Configuring RADIUS

Authentication

There are three main steps to configuring RADIUS authentication:

1.Configure RADIUS authentication for controlling access through one or more of the following

Serial port

Telnet

SSH

Web browser interface (2600, 2600-PWR, and 2800 switches running software releases H.08.58 and I.08.60 or greater)

Port-Access (802.1X)

2.Configure the switch for accessing one or more RADIUS servers (one primary server and up to two backup servers):

N o t e

This step assumes you have already configured the RADIUS server(s) to

 

support the switch. Refer to the documentation provided with the

 

RADIUS server documentation.)

 

 

Server IP address

(Optional) UDP destination port for authentication requests (default: 1812; recommended)

(Optional) UDP destination port for accounting requests (default: 1813; recommended)

(Optional) encryption key for use during authentication sessions with a RADIUS server. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. (Default: null)

3.Configure the global RADIUS parameters.

Server Key: This key must match the encryption key used on the RADIUS servers the switch contacts for authentication and account- ing services unless you configure one or more per-server keys. (Default: null.)

Timeout Period: The timeout period the switch waits for a RADIUS

server to reply. (Default: 5 seconds; range: 1 to 15 seconds.)

Retransmit Attempts: The number of retries when there is no server

response to a RADIUS authentication request. (Default: 3; range of 1 to 5.)

5-7

Page 107
Image 107
HP 4100gl, 2650 (J4899A/B), 6108 Outline of the Steps for Configuring Radius Authentication, Radius server documentation