The following table describes the RADIUS Server Configuration Menu options.

Table 81 RADIUS Server Configuration Menu options

| Command | Description |
|---|---|
| prisrv <IP address> | Sets the primary RADIUS server address. |
| secsrv <IP address> | Sets the secondary RADIUS server address. |
| secret <1-32 characters> | This is the shared secret between the switch and the RADIUS server(s). |
| secret2 <1-32 characters> | This is the secondary shared secret between the switch and the RADIUS server(s). |
| port <UDP port number> | Enter the number of the User Datagram Protocol (UDP) port to be configured, between 1500-3000. The default is 1645. |
| retries <1-3> | Sets the number of failed authentication requests before switching to a different RADIUS server. The range is 1-3 requests. The default is 3 requests. |
| timeout <1-10> | Sets the amount of time, in seconds, before a RADIUS server authentication attempt is considered to have failed. The range is 1-10 seconds. The default is 3 seconds. |
| telnet enable\|disable | Enables or disables the RADIUS back door for telnet/SSH/HTTP/HTTPS. This command does not apply when secure backdoor (secbd) is enabled. |
| secbd enable\|disable | Enables or disables the RADIUS back door using secure password for telnet/SSH/HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled. |
| on | Enables the RADIUS server. |
| off | Disables the RADIUS server. This is the default. |
| cur | Displays the current RADIUS server parameters. |

IMPORTANT: If RADIUS is enabled, you must log in using RADIUS authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. The backdoor for the console is always enabled, so you can connect using noradius and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) is disabled.

If Telnet backdoor is enabled (telnet ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this even if RADIUS servers are available.

If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this only if RADIUS servers are not available.
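The backdoor rules above and the ranges in Table 81 can be checked mechanically when reviewing a switch's settings. The following is an added example, not vendor code: the settings dictionary, the function names and the MIN_SECRET_LEN threshold are assumptions made for illustration, and the sample values are constructed.

```python
# Added example, not vendor code. Key names mirror the menu commands; the
# dictionary layout and MIN_SECRET_LEN are assumptions made for illustration.
REMOTE = {"telnet", "ssh", "http", "https"}
RANGES = {"port": (1500, 3000), "retries": (1, 3), "timeout": (1, 10)}
MIN_SECRET_LEN = 16  # assumption: local policy; the switch itself accepts 1-32

def noradius_accepted(channel, telnet_bd, secbd, radius_reachable):
    """True if noradius + administrator password is accepted (RADIUS is on)."""
    if telnet_bd and secbd:
        # Each option "does not apply" when the other is enabled; read here
        # as mutually exclusive, so this combination is rejected outright.
        raise ValueError("telnet and secbd are mutually exclusive")
    if channel == "console":
        return True                   # console backdoor is always enabled
    if channel not in REMOTE:
        raise ValueError(f"unknown channel: {channel}")
    if telnet_bd:
        return True                   # allowed even if RADIUS servers are available
    if secbd:
        return not radius_reachable   # allowed only if no RADIUS server is available
    return False

def audit(cfg):
    """Return a list of findings for one RADIUS settings dictionary."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        if not lo <= cfg[key] <= hi:
            findings.append(f"{key}={cfg[key]} outside documented range {lo}-{hi}")
    if not 1 <= len(cfg["secret"]) <= 32:
        findings.append("secret length outside 1-32 characters")
    elif len(cfg["secret"]) < MIN_SECRET_LEN:
        findings.append(f"secret shorter than {MIN_SECRET_LEN} characters")
    if cfg["telnet"] and cfg["secbd"]:
        findings.append("telnet and secbd both enabled")
    elif cfg["telnet"]:
        findings.append("telnet backdoor on: administrator password bypasses "
                        "RADIUS remotely even while servers are available")
    return findings

# Constructed sample settings (not from a real device).
SAMPLE = {"port": 1645, "retries": 3, "timeout": 3,
          "secret": "constructed-shared-secret", "telnet": True, "secbd": False}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
    for ch in ("console", "ssh"):
        print(ch, noradius_accepted(ch, SAMPLE["telnet"], SAMPLE["secbd"], True))
```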

TACACS+ server configuration

Command: /cfg/sys/tacacs+

    [TACACS+ Server Menu]
         prisrv  - Set IP address of primary TACACS+ server
         secsrv  - Set IP address of secondary TACACS+ server
         secret  - Set secret for primary TACACS+ server
         secret2 - Set secret for secondary TACACS+ server
         port    - Set TACACS+ port number
         retries - Set number of TACACS+ server retries
         timeout - Set timeout value of TACACS+ server retries
         telnet  - Enable/disable TACACS+ back door for telnet/ssh/http/https
         secbd   - Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https
         cmap    - Enable/disable TACACS+ new privilege level mapping
         usermap - Set user privilege mappings
         on      - Enable TACACS+ authentication
         off     - Disable TACACS+ authentication
         cur     - Display current TACACS+ settings
