RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

[key < key-string >]

Optional. Specifies an encryption key for use during authentication (or accounting) sessions with the specified server. This key must match the encryption key used on the RADIUS server. Use this command only if the specified server requires a different encryption key than configured for the global encryption key.

Note: Formerly, when you saved the configuration file using Xmodem (Xmodem is supported over OA, Onboard Administrator, but not over USB) or TFTP, the RADIUS encryption key information was not saved in the file. This caused RADIUS authentication to break when the startup configuration file was loaded back onto the switch. You now can save the configured RADIUS shared secret (encryption) key to a configuration file by entering the following commands:

include-credentials write memory

For more information, see “Saving Security Credentials in a Config File” on page 2-10in this guide.

no radius-server host < ip-address> key

Use the no form of the command to remove the key for a specified server.

For example, suppose you have configured the switch as shown in figure 5-4 and you now need to make the following changes:

1.Change the encryption key for the server at 10.33.18.127 to “source0127”.

2.Add a RADIUS server with an IP address of 10.33.18.119 and a server- specific encryption key of “source0119”.

5-16