Enhanced commands

The following commands have the server-group option. If no server-group is specified, the default RADIUS group is used. The server group must have already been configured.

NOTE:

The last RADIUS server in a server group cannot be deleted if an authentication or accounting method is using the server group.

Syntax

aaa authentication <console | telnet | ssh | web> <enable | login> <local | radius [server-group <group-name>]> [local | none | authorized]
    

Configures the primary password authentication method for console, Telnet, SSH, and/or the WebAgent.

<enable | login>

Primary authentication method. Default: local

<local | radius>

Use either the local switch user/password database or a RADIUS server for authentication.

server-group <group-name>

Specifies the server group to use.

[local | none | authorized]

Provides options for secondary authentication (default: none). Note that for console access, secondary authentication must be local if primary access is not local. This prevents you from being locked out of the switch in the event of a failure in other access methods.

Syntax

aaa authentication <port-access <local | eap-radius | chap-radius> | <mac-based | web-based> <chap-radius | peap-mschapv2>> [none | authorized | server-group <group-name>]
    

Configures the primary authentication method for port-access, MAC-based, or web-based access.

<mac-based | web-based> <chap-radius | peap-mschapv2>

Password authentication for web-based or MAC-based port access to the switch. Use peap-mschapv2 when you want password verification without requiring access to a plain text password; it is more secure. Default: chap-radius

<port-access <local | eap-radius | chap-radius>>

Configures local, chap-radius (MD5), or eap-radius as the primary password authentication method for port-access. The default primary authentication is local. (See the documentation for your RADIUS server application.)

[none | authorized | server-group <group-name>]

none

No backup authentication method is used.

authorized

Allows access without authentication.

server-group <group-name>

Specifies the server group to use with RADIUS.
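The following audit script is an added example, not part of the vendor documentation. It checks saved configuration lines against three points made above: a secondary method of authorized allows access without authentication, console access needs local as its secondary method when the primary is not local, and chap-radius is the less secure choice for MAC-based or web-based access. It assumes each command is stored on one line in the order given by the syntax above; the sample lines and the group name corp-rad are constructed.

```python
import shlex

ACCESS = {"console", "telnet", "ssh", "web"}        # management access methods
PORT = {"port-access", "mac-based", "web-based"}    # port authentication methods

def parse(line):
    """Return the fields of one 'aaa authentication' line, or None if it is not one."""
    tok = shlex.split(line)
    if tok[:2] != ["aaa", "authentication"] or len(tok) < 4:
        return None
    target, rest = tok[2], tok[3:]
    if target in ACCESS:
        level, rest = rest[0], rest[1:]             # enable | login
    elif target in PORT:
        level = None
    else:
        return None
    if not rest:
        return None
    primary, rest = rest[0], rest[1:]
    group = None
    if "server-group" in rest[:-1]:                 # keyword must be followed by a name
        i = rest.index("server-group")
        group, rest = rest[i + 1], rest[:i] + rest[i + 2:]
    return {"target": target, "level": level, "primary": primary,
            "group": group, "secondary": rest[0] if rest else "none"}

def audit(config):
    """Return (line number, finding code) pairs for risky authentication settings."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        f = parse(line)
        if f is None:
            continue
        if f["secondary"] == "authorized":          # access without authentication
            findings.append((n, "authorized-fallback"))
        if f["target"] == "console" and "local" not in (f["primary"], f["secondary"]):
            findings.append((n, "console-lockout"))
        if f["target"] in ("mac-based", "web-based") and f["primary"] == "chap-radius":
            findings.append((n, "chap-radius"))
    return findings

# Constructed sample configuration (assumed one-line form of the commands above).
SAMPLE = """\
aaa authentication ssh login radius server-group "corp-rad" local
aaa authentication console login radius none
aaa authentication port-access eap-radius authorized
aaa authentication web-based chap-radius
aaa authentication mac-based peap-mschapv2 server-group "corp-rad"
"""
if __name__ == "__main__":
    for n, code in audit(SAMPLE):
        print(f"line {n}: {code}")
```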

Syntax

aaa accounting <exec | network | system | commands> <start-stop | stop-only> radius [server-group <group-name>]
    

Configures accounting type and how data is sent to the RADIUS server.

radius

Uses RADIUS protocol as accounting method.

server-group <group-name>

Specifies the server group to use with RADIUS.