Configuring the switch to access a RADIUS server
This section describes how to configure the switch to interact with a RADIUS server for both authentication and accounting services.
If you want to configure RADIUS accounting on the switch, see Accounting services.
Syntax:
radius-server host <ip-address>
no radius-server host <ip-address>
Adds a server to the RADIUS configuration or (with no) deletes a server from the configuration. You can configure up to three RADIUS server addresses. The switch uses the first server it successfully accesses. (See Changing RADIUS-server access order.)
[auth-port <port-number>]
Optional. Changes the UDP destination port for authentication requests to the specified RADIUS server (host). If you do not use this option with the radius-server host command, the switch automatically assigns the default authentication port number. The auth-port number must match its server counterpart.
Default: 1812
[acct-port <port-number>]
Optional. Changes the UDP destination port for accounting requests to the specified RADIUS server. If you do not use this option with the radius-server host command, the switch automatically assigns the default accounting port number. The acct-port number must match its server counterpart.
Default: 1813
[dyn-authorization]
Enables or disables dynamic authorization control from this host.
Default: Disabled
[key <key-string>]
Optional. Specifies an encryption key for use during authentication (or accounting) sessions with the specified server. This key must match the encryption key used on the RADIUS server. Use this command only if the specified server requires a different encryption key than the one configured for the global encryption key.
Use the no form of the command to remove the key for a specified server.
Suppose you have configured the switch as shown in the first figure and you now need to make the following changes:
- Change the encryption key for the server at 10.33.18.127 to "source0127".
- Add a RADIUS server with an IP address of 10.33.18.119 and a server-specific encryption key of "source0119".
To make these changes, perform the following:
To change the order in which the switch accesses RADIUS servers, see Changing RADIUS-server access order.
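The following Python check is an added example, not part of the original documentation and not the vendor's code. It replays radius-server host commands written in the syntax above and reports the resulting server list plus findings: a fourth server, an invalid port, a server with neither a server-specific nor a global key, and dyn-authorization enabled. Assumptions: the first line of SAMPLE is constructed, and "no radius-server host <ip> key" is assumed to be the form that removes a server-specific key.

```python
DEFAULT_PORTS = {"auth-port": 1812, "acct-port": 1813}  # defaults stated on this page
MAX_SERVERS = 3                                         # limit stated on this page

def replay(lines, global_key=None):
    """Replay radius-server host commands; return (servers, findings)."""
    servers, findings = {}, []          # dict keeps the order hosts were added
    for line in lines:
        tok = line.split()
        negate = tok[:1] == ["no"]
        tok = tok[1:] if negate else tok
        if tok[:2] != ["radius-server", "host"] or len(tok) < 3:
            continue                    # not a per-server RADIUS command
        ip, opts = tok[2], tok[3:]
        if negate:
            if not opts:
                servers.pop(ip, None)   # no radius-server host <ip>
            elif opts == ["key"] and ip in servers:
                servers[ip]["key"] = None   # assumed key-removal form
            continue
        if ip not in servers and len(servers) >= MAX_SERVERS:
            findings.append(f"{ip}: exceeds the {MAX_SERVERS}-server limit")
            continue
        srv = servers.setdefault(
            ip, {**DEFAULT_PORTS, "key": None, "dyn-authorization": False})
        while opts:
            name, opts = opts[0], opts[1:]
            if name == "dyn-authorization":
                srv[name] = True
            elif name == "key" and opts:
                srv["key"], opts = opts[0], opts[1:]
            elif name in DEFAULT_PORTS and opts and opts[0].isdigit():
                srv[name], opts = int(opts[0]), opts[1:]
            else:
                findings.append(f"{ip}: cannot parse option {name!r}")
                break
    for ip, srv in servers.items():
        if srv["key"] is None and global_key is None:
            findings.append(f"{ip}: no server-specific key and no global key")
        for port in DEFAULT_PORTS:
            if not 1 <= srv[port] <= 65535:
                findings.append(f"{ip}: {port} {srv[port]} is not a valid UDP port")
        if srv["dyn-authorization"]:
            findings.append(f"{ip}: dyn-authorization enabled, confirm it is intended")
    return servers, findings

# Constructed input: assumed starting line, then the two changes from the scenario above.
SAMPLE = ["radius-server host 10.33.18.127 key constructed-old-key",
          "radius-server host 10.33.18.127 key source0127",
          "radius-server host 10.33.18.119 key source0119"]
```

Calling replay(SAMPLE) returns both servers with their new keys, the default ports 1812 and 1813, and no findings.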