Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

921

922

923

924

925

926

927

928

929

930

896 PowerConnect B-Series TI24X Configuration Guide

53-1002269-02

Configuring RADIUS security

RADIUS configuration considerations

• You must deploy at least one RADIUS server in your network.

• Devices support authentication using up to eight RADIUS servers, including those used for

802.1X authentication and for management. The device tries to use the servers in the order

you add them to the device configuration. If one RADIUS server times out (does not respond),

the device tries the next one in the list. Servers are tried in the same sequence each time there

is a request.

• You can select only one primary authentication method for each type of access to a device (CLI

through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select RADIUS as

the primary authentication method for Telnet CLI access, but you cannot also select TACACS+

authentication as the primary method for the same type of access. However, you can configure

backup authentication methods for each access type.

RADIUS configuration procedure

Follow the procedure given below to configure a device for RADIUS.

1. Configure Dell vendor-specific attributes on the RADIUS server. Refer to “Configuring

Dell-specific attributes on the RADIUS server” on page 896.

2. Identify the RADIUS server to the device. Refer to “Identifying the RADIUS server to the device”

on page 898.

3. Optionally specify different servers for individual AAA functions. Refer to “Specifying different

servers for individual AAA functions” on page 898.

4. Optionally configure the RADIUS server as a “port only” server. Refer to “Configuring a RADIUS

server per port” on page 898.

5. Optionally bind the RADIUS servers to ports on the device. Refer to “Mapping a RADIUS server

to individual ports” on page 899.

6. Set RADIUS parameters. Refer to “Setting RADIUS parameters” on page 900.

7. Configure authentication-method lists. Refer to “Configuring authentication-method lists for

RADIUS” on page 901.

8. Optionally configure RADIUS authorization. Refer to “Configuring RADIUS authorization” on

page 903.

9. Optionally configure RADIUS accounting. “Configuring RADIUS accounting” on page 905.

Configuring Dell-specific attributes on the RADIUS server

NOTE

For all devices, RADIUS Challenge is supported for 802.1x authentication but not for login

authentication.

During the RADIUS authentication process, if a user supplies a valid username and password, the

RADIUS server sends an Access-Accept packet to the device, authenticating the user. Within the

Access-Accept packet are three Dell vendor-specific attributes that indicate:

• The privilege level of the user

• A list of commands