MES1000, MES2000 Ethernet Switches 133
5.19.2 RADIUS protocol
RADIUS protocol is used for authentication, authorization and accounting. RADIUS server operates
with the user database, that contains authentication data for each user. Thus, RADIUS protocol provides
additional security for access to network resources and the switch itself.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.141 —Global configuration mode commands
radius-server host
{ip_address|
hostname}
[auth-port auth_port]
[acct-port acct-port]
[timeout timeout]
[retransmit retries]
[deadtime time]
[key secret_key]
[encrypted key encrypted_key]
[source source_ip_address]
[priority priority]
[usage type]
hostname:
(1..158) characters
auth_port:
(0..65535)/1812
acct_port:
(0..65535)/1813
timeout: (1..30)
seconds
retries: (1..10)
time (0..2000) minutes
secret_key:
(0..128) characters
encrypted key:
(0..128) characters
priority: (0..65535)/0
type: (login, 802.1x,
all)/ all
(default values)
Add the selected server into the list of utilized RADIUS servers.
- ip_address—RADIUS server IPv4 or IPv6 address
- hostname—RADIUS server network name
- auth_port—port number for sending authentication data
- acct_port—port number for sending accounting data
- timeout—server response interval
- retries—number of attempts for RADIUS server discovery
- time— time in minutes, when unavailable servers will not be
polled by the switch RADIUS client
- secret_key—authentication and encryption key for RADIUS
data exchange
- encrypted key—authentication and encryption key for
RADIUS data exchange
- source_ip_address —IPv4 or IPv6 address used as a source
address in RADIUS protocol messages
- priority—RADIUS server utilization priority (the lower the
value, the higher the server priority)
- type—RADIUS server utilization type (login, dot1.x,
igmp-auth, all).
If timeout, retries, time, secret_key, source_ip_address
parameters are missing from the command, the current
RADIUS server will use the values configured with the
respective global commands
no radius-server host
{ip_address|hostname}
Remove the selected server from the list of utilized RADIUS
servers.
(0..128) characters/
default key is an empty
string
Define the default key for authentication and encryption of
RADIUS data exchange between the device and RADIUS
environment.
Restore the default value.
radius-server timeout timeout
Define the default server response interval.
Restore the default value.
radius-server retransmit retries
Define the default number of attempts for discovery of
RADIUS server from the server list. If the failure occurs, the
next priority server from the server list will be discovered.
no radius-server retransmit
Restore the default value.
radius-server deadtime
deadtime
Allows to optimize the RADIUS server query time when some
servers are unavailable. Set the default time in minutes, when
unavailable servers will not be polled by the switch RADIUS
client
no radius-server deadtime
deadtime
Restore the default value.
radius-server source-ip
ip_address
Define the specific IPv4 address used as the default source
address being sent in RADIUS protocol messages.
no radius-server source-ip
[ip_address]
Remove the specific IPv4 address used as the default source
address being sent in RADIUS protocol messages. Define IPv4
switch interface address as the source address for RADIUS
protocol messages.
To Next Page
Loading...
Need help?
General
