RadSec configuration

Configure tls using the command radius-server host <IP-ADDR/FQDN> tls command.

Install certificates with usage radsec-client or all. If certificate with usage radsec-client or all is not installed, the switch uses the default IDEVID to establish connection with the RadSec server. For more information about certificates, see the Access Security Guide of your switch.

Configure the IP address for RadSec communication using the command ip source-interface. For more information, see the Management and Configuration Guide of your switch.

Configure the TLS version lesser than the default 1.2 using the command tls application.

(optional) Assign the radius server with TLS in the server-group configuration using the command aaa server-group. For more information, see the Access Security Guide of your switch.