6-55
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-08
Chapter 6 Configuring the System
Controlling Switch Access with RADIUS
Controlling Switch Access with RADIUS
Note This feature is not available on the Catalyst 2900 LRE XL switches.
This section describes how to enable and configure the Remote Authentication Dial-In User Service
(RADIUS), which provides detailed accounting information and flexible administrative control over
authentication and authorization processes. RADIUS is facilitated through AAA and can be enabled only
through AAA CLI commands.
Note For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS
Security Command Reference for Release 12.0.
This section contains this configuration information:
• Understanding RADIUS, page 6-55
• RADIUS Operation, page 6-56
• Configuring RADIUS, page 6-57
• Displaying the RADIUS Configuration, page 6-68
Understanding RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access.
RADIUS clients run on supported Cisco routers and switches and send authentication requests to a
central RADIUS server, which contains all user authentication and network service access information.
The RADIUS host is normally a multiuser system running RADIUS server software from Cisco (Cisco
Secure Access Control Server version 3.0), Livingston, Merit, Microsoft, or another software provider.
For more information, refer to the RADIUS server documentation.
Use RADIUS in these network environments that require access security:
• Networks with multiple-vendor access servers, each supporting RADIUS. For example, access
servers from several vendors use a single RADIUS server-based security database. In an IP-based
network with multiple vendors’ access servers, dial-in users are authenticated through a RADIUS
server that has been customized to work with the Kerberos security system.
• Turnkey network security environments in which applications support the RADIUS protocol, such
as in an access environment that uses a smart card access control system. In one case, RADIUS has
been used with Enigma’s security cards to validate users and to grant access to network resources.
• Networks already using RADIUS. You can add a Cisco switch containing a RADIUS client to the
network. This might be the first step when you make a transition to a TACACS+ server. See
Figure 6-12.
To Next Page
Loading...
Need help?
General