RADIUS Authentication, Authorization, and Accounting

Configuring the Switch for RADIUS Authentication

Global server key: The server key the switch uses for contacts with all RADIUS servers that do not have a server-specific key configured by radius-server host < ip-address > key < key-string >. This key is optional if you configure a server-specific key for each RADIUS server entered in the switch. (Refer to “3. Configure the Switch To Access a RADIUS Server” on page 5-14.)

Server timeout: Defines the time period in seconds for authentication attempts. If the timeout period expires before a response is received, the attempt fails.

Server dead time: Specifies the time in minutes during which the switch avoids requesting authentication from a server that has not responded to previous requests.

Retransmit attempts: Specifies how many times the switch retries a RADIUS server if the first attempt to contact that server fails.

Syntax: aaa authentication num-attempts < 1 - 10 >

Specifies how many attempts to enter the correct username and password the switch allows before it shuts down the session due to input errors. (Default: 3; Range: 1 - 10)

[no] radius-server

key < global-key-string >

Specifies the global encryption key the switch uses with servers for which the switch does not have a server-specific key assignment. This key is optional if all RADIUS server addresses configured in the switch include a server-specific encryption key. (Default: Null.)

dead-time < 1 - 1440 >

Optional. Specifies the time in minutes during which the switch will not attempt to use a RADIUS server that has not responded to an earlier authentication attempt. (Default: 0; Range: 1 - 1440 minutes)

radius-server timeout < 1 - 15 >

Specifies the maximum time the switch waits for a response to an authentication request before counting the attempt as a failure. (Default: 3 seconds; Range: 1 - 15 seconds)
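
The key fallback rule and the value ranges described above can be checked against a saved configuration. The following Python script is an added example, not part of the original manual; it assumes the configuration uses the command forms shown on this page, one per line, with key strings that contain no spaces, and the sample addresses and key strings are constructed.

```python
import re

# Ranges as documented on this page.
RANGES = {
    "radius-server dead-time": (1, 1440),
    "radius-server timeout": (1, 15),
    "aaa authentication num-attempts": (1, 10),
}

def audit_radius(config_text):
    """Return a list of findings for the RADIUS settings in a config dump."""
    findings = []
    global_key = None
    hosts = {}  # ip -> server-specific key, or None if the host has none
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"radius-server host (\S+)(?: key (\S+))?", line)
        if m:
            hosts[m.group(1)] = m.group(2)
            continue
        m = re.fullmatch(r"radius-server key (\S+)", line)
        if m:
            global_key = m.group(1)
            continue
        for cmd, (lo, hi) in RANGES.items():
            m = re.fullmatch(re.escape(cmd) + r" (-?\d+)", line)
            if m and not lo <= int(m.group(1)) <= hi:
                findings.append(f"{cmd} {m.group(1)}: outside range {lo}-{hi}")
    # Key fallback rule: a host without its own key relies on the global key,
    # whose default is Null.
    for ip, key in hosts.items():
        if key is None and global_key is None:
            findings.append(f"host {ip}: no server-specific key and no global key")
    return findings

# Constructed sample configuration (addresses and key strings are made up).
SAMPLE = """
aaa authentication num-attempts 12
radius-server host 10.0.0.10 key Example-Key-A
radius-server host 10.0.0.11
radius-server dead-time 5
radius-server timeout 20
"""

if __name__ == "__main__":
    for finding in audit_radius(SAMPLE):
        print(finding)
```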
