API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

1031

The no version of this command removes a RADIUS server configuration.

Example

OS10(config)# radius-server host 1.5.6.4 key secret1

Supported

Releases

10.2.0E or later

radius-server host tls

Configures a RADIUS server for RADIUS over TLS user authentication and secure communication. For RADIUS over TLS

authentication, the radsec shared key and a security profile that uses an X.509v3 certificate are required.

Syntax

radius-server host {hostname | ip-address} tls security-profile profile-

name [auth-port tcp-port-number] key {0 authentication-key | 9

authentication-key | authentication-key}

Parameters

● hostname — Enter the host name of the RADIUS server.

● ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.

● tls — Enter tls to secure RADIUS server communication using the TLS protocol.

● security-profile profile-name — Enter the name of an X.509v3 security profile to use with

RADIUS over TLS authentication. To configure a security profile for an OS10 application, see Security

profiles.

● auth-port tcp-port-number — (Optional) Enter the TCP port number that the server uses for

authentication. The range is from 1 to 65535. The default is 2083.

● key 0 authentication-key — Enter the radsec shared key in plain text.

● key 9 authentication-key — Enter the radsec shared key in encrypted format.

● authentication-key — Enter the radsec shared key in plain text. It is not necessary to enter 0

before the key.

Default TCP port 2083 on a RADIUS server for RADIUS over TLS communication

Command Mode CONFIGURATION

Usage

Information

For RADIUS over TLS authentication, configure the radsec shared key on the server and OS10 switch.

The show running-configuration output displays both the unencrypted and encrypted key in

encrypted format. Configure global settings for the timeout and retransmit attempts allowed on a RADIUS

over TLS servers using the radius-server retransmit and radius-server timeout

commands.

RADIUS over TLS authentication requires that X.509v3 PKI certificates are configured on a certification

authority and installed on the switch. For more information, including a complete RADIUS over TLS

example, see X.509v3 certificates.

Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.3.0. Also

supported in SmartFabric mode starting in release 10.5.0.1.

The no version of this command removes a RADIUS server from RADIUS over TLS communication.

Example

OS10(config)# radius-server host 1.5.6.4 tls security-profile radius-

admin key radsec

Supported

Releases

10.4.3.0 or later

radius-server retransmit

Configures the number of authentication attempts allowed on RADIUS servers.

Syntax

radius-server retransmit retries

Parameters retries — Enter the number of retry attempts, from 0 to 10.

Security 1035