Quick Reference Guide

898 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring RADIUS security
26
The <config-tacacs> parameter specifies the TACACS configuration mode. TACACS is disabled by
default.
Identifying the RADIUS server to the device
To use a RADIUS server to authenticate access to a device, you must identify the server to the
device.
Example
PowerConnect(config)# radius-server host 209.157.22.99
Syntax: radius-server host <ip-addr> | <ipv6-addr> | <server-name> [auth-port <number>]
[acct-port <number>]
The host <ip-addr> | <ipv6-addr> | <server-name> parameter is either an IP address or an ASCII
text string.
The <auth-port> parameter is the Authentication port number. The default is 1645.
The <acct-port> parameter is the Accounting port number. The default is 1646.
Specifying different servers for individual AAA functions
In a RADIUS configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one RADIUS server to handle authorization and another RADIUS server to
handle accounting. You can specify individual servers for authentication and accounting, but not
for authorization. You can set the RADIUS key for each server.
To specify different RADIUS servers for authentication, authorization, and accounting, enter
commands such as the following.
PowerConnect(config)# radius-server host 1.2.3.4 authentication-only key abc
PowerConnect(config)# radius-server host 1.2.3.5 authorization-only key def
PowerConnect(config)# radius-server host 1.2.3.6 accounting-only key ghi
Syntax: radius-server host <ip-addr> | <ipv6-addr> | <server-name> [auth-port <number>]
[acct-port <number>] [authentication-only | accounting-only | default] [key 0 | 1
<string>]
The default parameter causes the server to be used for all AAA functions.
After authentication takes place, the server that performed the authentication is used for
authorization and accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.
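The server selection described above, as an added Python example that is not code from the guide or the device: it parses radius-server host lines using the syntax and default ports given above, then walks the configured list to find the server for each AAA function. The names parse_host and select_server are hypothetical. Two behaviours are assumptions: a server configured with an -only keyword cannot perform the other functions, and the search starts at the authenticating server and wraps around the list.

```python
# Added example: models the guide's `radius-server host` syntax and fallback rule.
DEFAULT_AUTH_PORT, DEFAULT_ACCT_PORT = 1645, 1646   # defaults stated in the guide
ONLY = {"authentication-only": "authentication",
        "authorization-only": "authorization",      # appears in the guide's example
        "accounting-only": "accounting",
        "default": None}                             # None = all AAA functions

def parse_host(line):
    """Parse one `radius-server host` line; the key string itself is not kept."""
    tok = line.split()
    i = tok.index("radius-server")                   # skips a leading CLI prompt
    if tok[i + 1] != "host":
        raise ValueError("not a radius-server host line")
    srv = {"host": tok[i + 2], "auth_port": DEFAULT_AUTH_PORT,
           "acct_port": DEFAULT_ACCT_PORT, "only": None, "has_key": False}
    rest, j = tok[i + 3:], 0
    while j < len(rest):
        t = rest[j]
        if t in ("auth-port", "acct-port"):
            srv[t.replace("-", "_")] = int(rest[j + 1])
            j += 2
        elif t in ONLY:
            srv["only"] = ONLY[t]
            j += 1
        elif t == "key":                             # key [0 | 1] <string>
            has_flag = len(rest) > j + 2 and rest[j + 1] in ("0", "1")
            srv["has_key"] = True
            j += 3 if has_flag else 2
        else:
            raise ValueError(f"unexpected token {t!r}")
    return srv

def select_server(servers, function, authenticated_by=None):
    """Return the host that handles `function`, or None if no server can."""
    hosts = [s["host"] for s in servers]
    start = hosts.index(authenticated_by) if authenticated_by in hosts else 0
    for s in servers[start:] + servers[:start]:      # assumption: wrap-around order
        if s["only"] in (None, function):            # assumption: -only excludes others
            return s["host"]
    return None

# The guide's own three example lines
CONFIG = [parse_host(l) for l in (
    "PowerConnect(config)# radius-server host 1.2.3.4 authentication-only key abc",
    "PowerConnect(config)# radius-server host 1.2.3.5 authorization-only key def",
    "PowerConnect(config)# radius-server host 1.2.3.6 accounting-only key ghi")]

if __name__ == "__main__":
    auth = select_server(CONFIG, "authentication")
    for fn in ("authorization", "accounting"):
        print(fn, "->", select_server(CONFIG, fn, authenticated_by=auth))
```

With the guide's three servers, removing the accounting-only entry leaves accounting with no server at all, which is the "every server has been tried" outcome.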
Configuring a RADIUS server per port
You can optionally configure a RADIUS server per port, indicating that it will be used only to
authenticate users on ports to which it is mapped. A RADIUS server that is not explicitly configured
as a RADIUS server per port is a global server, and can be used to authenticate users on ports to
which no RADIUS servers are mapped.