Switch Security
Cert Trustpoint | Click the View/Change button to specify the trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, parameters, and an association with one enrolled identity certificate. If the server certificate trustpoint is not used, the default trustpoint will be used instead. |
CA Cert Trustpoint | Click the View/Change button to specify the CA certificate trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, parameters, and an association with one enrolled identity certificate. If a CA trustpoint is not specified, the default trustpoint's CA certificate is used as the CA certificate. If the default trustpoint does not have a CA certificate, the server certificate itself will be used as the CA certificate. |
NOTE:
4. Refer to the LDAP Server Details field to define the attributes of the primary and secondary Radius LDAP servers providing access to external databases to be used with local Radius servers.
IP Address | Enter the IP address of the external LDAP server acting as the data source for the Radius server. This server must be accessible from an active subnet on the switch. |
Port | Enter the TCP/IP port number for the LDAP server acting as the data source. |
Password Attribute | Enter the password attribute used by the LDAP server for authentication. |
Bind DN | Specify the distinguished name to bind with the LDAP server. |
Bind Password | Enter a valid password for the LDAP server. |
Base DN | Specify a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching. |
User Login Filter | Enter the login used by the LDAP server for authentication. |
Group Filter | Specify the group filters used by your LDAP server. |
Group Membership Attribute | Specify the Group Member Attribute to be sent to the LDAP server when authenticating the users. |
Group Attribute | Specify the group attribute used by the LDAP server. |
Net Timeout | Enter a timeout value the system uses to terminate the connection to the Radius Server if no activity is detected. |
5. Click the Apply button to save the changes made within the screen.
6. Click the Revert button to cancel any changes made within the screen and revert back to the last saved configuration.
6.9.5 Configuring Radius Users
Refer to the Users tab to view the current set of users and assigned groups for the Radius server. The Users tab is used when Local is selected as the Auth Data Source within the Authentication & Accounting tab. The user information is ignored if an LDAP server is used for user authentication.