Access Security Guide K/KA/KB.15.15

Using multiple RADIUS server groups
The authentication and accounting features on the switch can use up to fifteen RADIUS servers, and
these servers can be put into groups. Up to 5 groups of 3 RADIUS servers each can be configured.
The authentication and accounting features can choose which RADIUS server group to communicate
with. End-user authentication methods (802.1X, MAC-based and web-based) can authenticate
with different RADIUS servers from the management interface authentication methods (console,
Telnet, SSH, web).
Several commands are used to support the RADIUS server group option. The RADIUS server must
be configured before it can be added to a group. See “Configuring the switch for RADIUS
authentication” (page 143) for more information.
Figure 135 RADIUS server group command output
Adding and deleting servers to the RADIUS configuration
Syntax:
[no] radius-server host ip-address
Adds a server to the RADIUS configuration. Up to fifteen RADIUS server addresses
can be added. The switch uses the first server it successfully accesses.
The no form deletes a server from the configuration.
Setting accounting type, and how data is sent
Syntax:
aaa accounting <exec | network | system | commands>
<start-stop | stop-only> radius [ server-group
<group-name> ]
Configures accounting type and sets how data is sent to the RADIUS server.
radius
Uses RADIUS protocol as accounting method.
server-group <group-name>
Specifies the server group to use with RADIUS.
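The limits and ordering rule above (fifteen servers, 5 groups of 3 servers each, a server configured before it joins a group) can be checked offline against a saved configuration. The following audit script is an added example, not code from this guide or from the switch vendor. It assumes group membership appears as lines of the form "aaa server-group radius <group-name> host <ip-address>", a format not shown on this page, and that every group named by an accounting line is defined in the same excerpt.

```python
import re

MAX_SERVERS, MAX_GROUPS, MAX_PER_GROUP = 15, 5, 3  # limits stated in the guide

# Constructed sample configuration (not taken from a real switch).
# Assumption: group members are "aaa server-group radius <name> host <ip>" lines.
SAMPLE_CONFIG = """\
radius-server host 10.0.0.11
radius-server host 10.0.0.12
radius-server host 10.0.0.21
aaa server-group radius mgmt host 10.0.0.11
aaa server-group radius mgmt host 10.0.0.12
aaa server-group radius users host 10.0.0.21
aaa server-group radius users host 10.0.0.99
aaa accounting exec start-stop radius server-group mgmt
aaa accounting network stop-only radius server-group guests
"""

HOST_RE = re.compile(r"^radius-server host (\S+)")
GROUP_RE = re.compile(r"^aaa server-group radius (\S+) host (\S+)")
ACCT_RE = re.compile(r"^aaa accounting (exec|network|system|commands) "
                     r"(start-stop|stop-only) radius(?: server-group (\S+))?\s*$")

def audit_radius_config(text):
    """Return a list of findings for a switch configuration excerpt."""
    hosts, groups, acct_refs, findings = set(), {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HOST_RE.match(line):
            hosts.add(m.group(1))
        elif m := GROUP_RE.match(line):
            groups.setdefault(m.group(1), []).append(m.group(2))
        elif (m := ACCT_RE.match(line)) and m.group(3):
            acct_refs.append((m.group(1), m.group(3)))
    if len(hosts) > MAX_SERVERS:
        findings.append(f"{len(hosts)} servers configured; limit is {MAX_SERVERS}")
    if len(groups) > MAX_GROUPS:
        findings.append(f"{len(groups)} server groups defined; limit is {MAX_GROUPS}")
    for name, members in groups.items():
        if len(members) > MAX_PER_GROUP:
            findings.append(f"group {name}: {len(members)} servers; limit is {MAX_PER_GROUP}")
        for ip in members:  # a server must be configured before it joins a group
            if ip not in hosts:
                findings.append(f"group {name}: {ip} is not a configured radius-server host")
    for acct_type, name in acct_refs:  # accounting must point at a defined group
        if name not in groups:
            findings.append(f"accounting {acct_type}: server group {name} is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_radius_config(SAMPLE_CONFIG)))
```

An empty result means the excerpt stays within the stated limits and every group member and accounting reference resolves.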
Allowing reauthentication when RADIUS server is unavailable
Syntax:
[no] aaa authentication <port-access | web-based |
mac-based> <primary method>
174 RADIUS Authentication, Authorization, and Accounting