RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

ure local for the secondary method. This prevents the possibility of being completely locked out of the switch in the event that all primary access methods fail.

Syntax: aaa authentication < console | telnet | ssh | web | < enable | login < local | radius >> web-based | mac-based < chap-radius | peap-radius >>

Configures RADIUS as the primary password authentication method for console, Telnet, SSH, and/or the web browser interface. (The default primary < enable | login > authentication is local.)

< console | telnet | ssh | web >

[< local | none | authorized >]

Provides options for secondary authentication (default: none). Note that for console access, secondary authentication must be local if primary access is not local. This prevents you from being locked out of the switch in the event of a failure in other access methods.

<< web-based | mac-based > login > < chap-radius | peap-mschapv2 >: Password authentication for web-based or mac-based port access to the switch. Use peap-mschapv2 when you want password verification without requiring access to a plain text password; it is more secure.

Default: chap-radius

[none | authorized]: Provides options for secondary authentication. The none option specifies that a backup authentication method is not used. The authorized option allows access without authentication. (Default: none.)

 

In certain situations, RADIUS servers can become isolated from the network. Users are not able to access the network resources configured with RADIUS access protection and are rejected. To address this situation, configuring the authorized secondary authentication method allows users unconditional access to the network when the primary authentication method fails because the RADIUS servers are unreachable.

 

 

Caution

Configuring authorized as the secondary authentication method used when there is a failure accessing the RADIUS servers allows clients to access the network unconditionally. Use this method with care.
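An offline check of saved configuration text against the rules above (console fallback must be local when the primary is not; an authorized fallback admits clients unauthenticated), given here as an added example that is not part of the switch documentation. It assumes each line follows the token order shown in the syntax on this page; the sample lines, the finding codes, and treating a missing level as login are constructed for illustration.

```python
ACCESS = {"console", "telnet", "ssh", "web", "web-based", "mac-based"}

def parse(line):
    """Split one 'aaa authentication' line into (access, level, primary, secondary)."""
    tok = line.split()
    if tok[:2] != ["aaa", "authentication"] or len(tok) < 4 or tok[2] not in ACCESS:
        return None
    rest = tok[3:]
    # Assumption: a line without enable/login is treated as a login rule.
    level = rest.pop(0) if rest[0] in ("enable", "login") else "login"
    if not rest:
        return None
    primary = rest[0]
    secondary = rest[1] if len(rest) > 1 else "none"  # page: secondary defaults to none
    return tok[2], level, primary, secondary

def audit(config_text):
    """Return (line_number, code, message) for each risky authentication line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        parsed = parse(line)
        if parsed is None:
            continue
        access, level, primary, secondary = parsed
        if secondary == "authorized":
            findings.append((no, "AUTHORIZED_FALLBACK",
                f"{access}: unauthenticated access whenever RADIUS is unreachable"))
        if access == "console" and primary != "local" and secondary != "local":
            findings.append((no, "CONSOLE_LOCKOUT",
                f"console {level}: secondary must be local when primary is {primary}"))
        if access in ("web-based", "mac-based") and primary == "chap-radius":
            findings.append((no, "CHAP_RADIUS",
                f"{access}: page recommends peap-mschapv2 over chap-radius"))
    return findings

# Constructed sample configuration, not taken from a real switch.
SAMPLE = "\n".join([
    "aaa authentication console login radius local",
    "aaa authentication console enable radius none",
    "aaa authentication ssh login radius none",
    "aaa authentication mac-based login chap-radius authorized",
    "aaa authentication web-based login peap-mschapv2 none",
])

if __name__ == "__main__":
    for no, code, message in audit(SAMPLE):
        print(f"line {no}: {code}: {message}")
```
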

 

 
