Configuring Radius Logon Authentication | SMC Networks 10/100

CONFIGURING USER AUTHENTICATION

Configuring RADIUS Logon Authentication

Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-compliant devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.

Command Usage

•By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.

•RADIUS uses UDP, which only offers best-effort delivery. Also, RADIUS encrypts only the password in the access-request packet from the client to the server.

•RADIUS logon authentication assigns a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server.

•You can specify one to two authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS and (2) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then the local user name and password is checked.

2-17

Image 49

SMC Networks 10/100 manual Configuring Radius Logon Authentication, Command Usage

Contents

TigerSwitch 10/100 Page TigerSwitch 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Contents Contents Iii Command Line Interface Contents Contents Contents Vii Glossary Index Upgrading Firmware via the Serial Port . . . . . . .B-1Viii Configuration Options Connecting to the Switch Switch Management Required Connections Remote Connections Console Connection Basic Configuration Setting Passwords Manual Configuration Setting an IP Address Dynamic Configuration Basic Configuration Community Strings Enabling Snmp Management Access Basic Configuration Trap Receivers Saving Configuration Settings Enter the name of the start-up file. Press Enter Managing System Files Function Parameter Default System Defaults Snmp Function Parameter Default Pvid Switch Management Using the Web Interface Configuring the Switch Navigating the Web Browser Interface Home Button Action Panel Display Menu Description Main Menu Menu Description Private Vlan Igmp Displaying System Information Configuring the Switch CLI Specify the hostname, location and contact information Setting the IP Address Command Attributes Manual Configuration Configuring the Switch Configuring the Logon Password Configuring User Authentication Command Attributes Command Usage Configuring Radius Logon Authentication Command Attributes Configuring User Authentication Downloading System Software from a Server Managing Firmware Managing Firmware Downloading Configuration Settings from a Server Saving or Restoring Configuration Settings Managing Firmware Displaying Bridge Extension Capabilities Resetting the System Displaying Bridge Extension Capabilities 145 Enabling or Disabling Gvrp Global Setting Displaying Switch Hardware/Software Versions Displaying Switch HARDWARE/SOFTWARE Versions Displaying Connection Status Port Configuration Web Click Port, Port Information or Trunk Information CLI This example shows the connection status for Port Configuring Interface Connections Port Configuration Setting Broadcast Storm Thresholds Command Usage 102 Configuring Port Mirroring Address Table Settings Setting Static Addresses Displaying the Address Table 109 Changing the Aging Time Spanning Tree Algorithm Configuration Managing Global Settings Configuring the Switch Displaying the Global Settings for STA 119 Managing STA Interface Settings Configuring the Global Settings for STA Command Attributes Spanning Tree Algorithm Configuration Configuring the Switch Displaying the Interface Settings for STA Configuring the Interface Settings for STA Vlan Configuration Assigning Ports to VLANs Configuring the Switch Vlan Configuration Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Displaying Current VLANs Command Attributes Web Command Attributes CLI 131 Creating VLANs 122 Adding Static Members to VLANs Vlan Index Configuring the Switch 130 Adding Static Members to VLANs Port Index CLI This example adds Port 3 to Vlan 1 as a tagged port Configuring Vlan Behavior for Interfaces Configuring the Switch Vlan Configuration Configuring Private VLANs Displaying Current Private VLANs Command Attributes Configuring Private VLANs Associating Community VLANs Displaying Private Vlan Interface Information Command Attributes Configuring Private Vlan Interfaces Configuring the Switch 137 Class of Service Configuration Setting the Queue Mode Port Trunk Configuration Command Usage Group Number Ports 152 Configuring Snmp Access Mode Setting Community Access Strings Specifying Trap Managers and Trap Types Command Usage Multicast Configuration Configuring Igmp Parameters Command Attributes Interfaces Attached to a Multicast Router Displaying Interfaces Attached to a Multicast Router Command Attributes Specifying Interfaces Attached to a Multicast Router Command Attribute Displaying Port Members of Multicast Services 158 Adding Multicast Addresses to VLANs 156 Showing Port Statistics Showing Port Statistics CLI This example shows statistics for port Rate Limit Configuration Option 100 Configuring 802.1x Port Authentication 101 102 Displaying 802.1x Global Settings 103 Configuring 802.1x Global Settings 104 105 Configuring a Port for Authorization Authorized 106 107 Displaying 802.1x Statistics 108 CLI This example displays the dot1x statistics for port 109 110 Accessing the CLI Using the Command Line Interface Telnet Connection Using the Command Line Interface Keywords and Arguments Entering CommandsMinimum Abbreviation Getting Help on Commands Command Completion Using Command History Negating the Effect of CommandsPartial Keyword Lookup Exec Commands Understanding Command Modes Configuration Commands Mode Command Prompt Command Line Processing Command Groups Igmp Command Description Group Enable General CommandsSyntax Enable level Disable Configure Show history End Reload Exit Quit Flash/File Commands Copy Command Usage Syntax Delete Dir Syntax Dir boot-rom config opcode filename Column Heading Description Whichboot Syntax Boot system boot-romconfig opcode filename Boot system System Management Commands Username HostnameSyntax Hostname name no hostname Username Access-level Password Guest Admin Enable password Ip http port Default Setting Command ModeSyntax Ip http port port-numberno ip http port Ip http server Show startup-config Show running-config Show running-config Show startup-config Show system Show version Show users Authentication Commands Command Function Mode Authentication login Radius-server host Syntax Radius-server port portnumber no radius-server port Radius-server port Radius-server retransmit Radius-server keySyntax Radius-server key keystring no radius-server key Show radius-server Radius-server timeout Port Authentication Commands Authentication dot1x Syntax Dot1x default Command Mode Dot1x defaultDefault Command Mode Dot1x max-req Command Mode Interface Configuration Example DefaultDot1x port-control Dot1x re-authentication Dot1x re-authenticateSyntax Dot1x re-authenticate interface Ethernet unit/port Dot1x timeout re-authperiod Dot1x timeout quiet-period Dot1x timeout tx-period Syntax Show dot1x statistics interface interface Show dot1x Reauthentication State Machine Console#show dot1x Snmp-server community Snmp Commands Syntax Snmp-server contact string no snmp-server contact Snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server location No snmp-server host host-addr Snmp-server host Snmp-server enable traps Show snmp Normal Exec, Privileged Exec Ip igmp snooping Igmp Snooping CommandsSyntax Ip igmp snooping no ip igmp snooping Ip igmp snooping query-count Ip igmp snooping query-max-response-time Ip igmp snooping router-port-expire-time Ip igmp snooping version Show ip igmp snooping Following shows the current Igmp snooping configuration Show mac-address-table multicast Line Commands Syntax Line console vty Line Syntax Login local no login Login Syntax Password 0 7 password no password Password Syntax Exec-timeout seconds no exec-timeout Exec-timeout Syntax Password-thresh threshold no password-thresh Password-thresh Syntax Silent-time seconds no silent-time Silent-time Syntax Databits 7 8 no databits Databits Syntax Parity none even odd no parity Parity Syntax Speed bps no speed Speed Show line StopbitsSyntax Stopbits 1 Syntax Show line console vty To show all lines, enter this command IP Commands Ip address Ip dhcp restart Syntax Ip default-gateway gateway no ip default-gateway Ip default-gateway Show ip interface Ping Show ip redirectsSyntax Ping host count countsize size Press Esc to stop pinging Queue hol-prevention HOL Blocking Prevention Commands Show queue hol-prevention Interface Commands Port-channel channel-idRange Interface Speed-duplex DescriptionSyntax Description string no description Negotiation 3-92 capabilities Negotiation Syntax Negotiation no negotiation Default Setting Capabilities Default Setting Flowcontrol Syntax Flowcontrol no flowcontrol Default Setting Negotiation Capabilities flowcontrol, symmetric Shutdown Switchport broadcast percent Clear counters Port-channel channel-idRange Default SettingSyntax Clear counters interface Syntax Show interfaces status interface Show interfaces status Syntax Show interfaces counters interface Show interfaces counters 101 Syntax Show interfaces switchport interface Show interfaces switchport 103 Rate Limit Commands Rate-limit Address Table Commands Mac-address-table static Clear mac-address-table dynamic Show mac-address-table Mac-address-table aging-time Show mac-address-table aging-time Spanning Tree Commands111 Spanning-tree Syntax Spanning-tree no spanning-tree Default Setting112 113 Spanning-tree forward-time 114 Spanning-tree hello-time 115 Spanning-tree max-age Spanning-tree cost Spanning-tree priority116 Syntax Spanning-tree cost cost no spanning-tree cost 117 Spanning-tree port-priority 118 Spanning-tree portfast 119 Show spanning-treeSyntax Show spanning-tree interface 120 121 Vlan Commands 122 Vlan database 123 Vlan 124 Interface vlanSyntax Interface vlan vlan-id Syntax Switchport mode trunk access no switchport mode Switchport mode125 126 Switchport acceptable-frame-types 127 Switchport ingress-filtering 128 Switchport native vlan 129 Switchport allowed vlan 130 Switchport forbidden vlan 131 Show vlanSyntax Show vlan id vlan-idname vlan-name 132 Private Vlan Commands 133 134 Private-vlanSyntax Private-vlan vlan-idcommunity primary 135 Private vlan associationNo private-vlan primary-vlan-idassociation 136 Switchport mode private-vlan 137 Switchport private-vlan host-association 138 Switchport private-vlan mapping 139 Show vlan private-vlanSyntax Show vlan private-vlan community primary Switchport gvrp Gvrp and Bridge Extension CommandsSyntax Switchport gvrp no switchport gvrp 140 Syntax Show gvrp configuration interface Show gvrp configuration141 142 Garp timer Syntax Show garp timer interface Show garp timer143 Bridge-ext gvrp Syntax Bridge-ext gvrp no bridge-ext gvrp Default Setting144 145 Show bridge-ext 146 Priority Commands Show queue mode Queue modeSyntax Queue mode strict wrr no queue mode 147 Port monitor Mirror Port Commands148 149 Show port monitorSyntax Show port monitor interface 150 Port Trunking Commands Guidelines for Creating Trunks 151 152 Port-group 153 154 Troubleshooting Chart Appendix a Troubleshooting Troubleshooting Appendix B Upgrading Firmware VIA Serial Port Upgrading Firmware VIA the Serial Port Page Restoring Switch Defaults Enter q and then x to return to the main menu Enter G to boot the system Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Virtual LAN Vlan Glossary-8XModem Figure C-1. DB-9 Console Port Pin Numbers Console Port Pin Assignments Console Port to 9-Pin DTE Port on PC DB-9 Port Pin AssignmentsConsole Port to 25-Pin DTE Port on PC Index-1 Index Index-2 Page For Technical SUPPORT, Call