Enhanced commands
The following commands have the server-group option. If no server-group is specified, the default RADIUS group is used. The server group must have already been configured.
The last RADIUS server in a server group cannot be deleted if an authentication or accounting method is using the server group.
Syntax
aaa authentication <console | telenet | ssh | web> <enable | login| local |radius [server-group <group-name> | local | none | authorized]>
Configures the primary password authentication method for console, Telnet, SSH, and/or the WebAgent.
<enable | login>
Primary authentication method. Default: local
<local | radius>
Use either the local switch user/password database or a RADIUS server for authentication.
<server-group <group-name>
Specifies the server group to use
[local | none | authorized]
Provides options for secondary authentication (default: none). Note that for console access, secondary authentication must be local if primary access is not local. This prevents you from being locked out of the switch in the event of a failure in other access methods.
Syntax
aaa authentication <port-access <local | eap-radius | <mac-based | web-based <chap-radius | peap-mschapv2> [none | authorized | server-group <group-name>]>>
Configures the primary authentication method for portaccess, MAC-based, or web-based access.
<mac-based | web-based <chap-radius | peap-mschapv2>
Password authentication for web-based or MAC-based port access to the switch. Use peap-mschapv2 when you want password verification without requiring access to a plain text password; it is more secure. Default: chap-radius
<port-access <local | eap-radius | chap-radius>>
Configures local, chap-radius (MD5), or eap-radius as the primary password authentication method for port-access. The default primary authentication is local. (See the documentation for your RADIUS server application.)
[none | authorized
| server-group <group-name>
none
No backup authentication method is used.
authorized
Allow access without authentication
server-group <group-name>
Specifies the server group to use with RADIUS.
Syntax
aaa accounting <exec | network | system | commands | <start-stop | stop-only> radius [server-group <group-name>]
Configures accounting type and how data is sent to the RADIUS server.