RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

Note: The Webui access task shown in this figure is available only on the switches covered in this guide.

The switch now allows Telnet and SSH authentication only through RADIUS.

Figure 5-3. Example Configuration for RADIUS Authentication

Note

If you configure the Login Primary method as local instead of radius (and local passwords are configured on the switch), then clients connected to your network can gain access to either the Operator or Manager level without encountering the RADIUS authentication specified for Enable Primary. Refer to “Local Authentication Process” on page 5-24.
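
One way to check a saved configuration for the condition this note describes, as an added example that is not from the guide: the script flags any access method whose Login Primary is local while Enable Primary is radius. The sample configuration is constructed, the line format assumed is the switch's aaa authentication command, and treating an unset method as local is an assumption.

```python
import re

# Constructed sample in the style of a saved switch configuration (not from the guide).
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
aaa authentication telnet login local
aaa authentication telnet enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
"""

# Assumed line format:
#   aaa authentication <console|telnet|ssh|web> <login|enable> <primary> [<secondary>]
AAA_LINE = re.compile(
    r"^\s*aaa authentication (console|telnet|ssh|web) (login|enable)"
    r" (\S+)(?:\s+(\S+))?\s*$"
)

def primary_methods(config_text):
    """Return {(access, level): primary_method} for each aaa authentication line."""
    methods = {}
    for line in config_text.splitlines():
        m = AAA_LINE.match(line)
        if m:
            access, level, primary, _secondary = m.groups()
            methods[(access, level)] = primary
    return methods

def find_login_bypass(config_text, accesses=("telnet", "ssh"), default="local"):
    """List access methods where Login Primary is local but Enable Primary is radius.

    A missing line is treated as `default` (assumption: unset methods are local).
    """
    methods = primary_methods(config_text)
    findings = []
    for access in accesses:
        login = methods.get((access, "login"), default)
        enable = methods.get((access, "enable"), default)
        if login == "local" and enable == "radius":
            findings.append(access)
    return findings

if __name__ == "__main__":
    for access in find_login_bypass(SAMPLE_CONFIG):
        print(f"{access}: Login Primary is local while Enable Primary is radius")
```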

 

 

2. Enable the (Optional) Access Privilege Option

In the default RADIUS operation, the switch automatically admits any authenticated client to the Login (Operator) privilege level, even if the RADIUS server specifies Enable (Manager) access for that client. Thus, an authenticated user authorized for the Manager privilege level must authenticate again to change privilege levels. Using the optional login privilege-mode command overrides
