RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

Outline of the Steps for Configuring RADIUS

Authentication

There are three main steps to configuring RADIUS authentication:

1.Configure RADIUS authentication for controlling access through one or more of the following

Serial port

Telnet

SSH

Port-Access (802.1X)

Web browser interface

2.Enable RADIUS authentication on the switch to override the default authentication operation of automatically assigning an authenticated cli- ent to the Operator privilege level. This optional feature applies the privilege level specified by the Service Type value received from the RADIUS server. (Refer to “1. Configure Authentication for the Access Methods You Want RADIUS To Protect” on page 5-10.)

3.Configure the switch for accessing one or more RADIUS servers (one primary server and up to two backup servers):

Note

This step assumes you have already configured the RADIUS server(s) to

 

support the switch. Refer to the documentation provided with the

 

RADIUS server documentation.)

 

 

Server IP address

(Optional) UDP destination port for authentication requests (default: 1812; recommended)

(Optional) UDP destination port for accounting requests (default: 1813; recommended)

(Optional) encryption key for use during authentication sessions with a RADIUS server. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. (Default: null)

4.Configure the global RADIUS parameters.

Server Key: This key must match the encryption key used on the RADIUS servers the switch contacts for authentication and account- ing services unless you configure one or more per-server keys. (Default: null.)

5-9