Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
791792793794795796797798799800
CONFIGURATION mode
aaa radius auth-method mschapv2
3 Establish a host address and password.
CONFIGURATION mode
radius-server host H key K
4 Log in to switch using console or telnet or ssh with a valid user role.
When 1-factor authentication is used, the authentication succeeds enabling you to access the switch. When two-factor authentication is
used, the system prompts you to enter a one-time password as a second step of authentication. If a valid one-time password is supplied,
the authentication succeeds enabling you to access the switch.
Congure RADIUS attributes 8, 87 and 168
Dell EMC Networking OS supports RADIUS attribute provisioning to indicate RADIUS server with IP address to be assigned to a supplicant
and port to which the supplicant is connected. A supplicant is a device attempting to access the network.
Attribute 8
The RADIUS attribute 8 (Framed-IP-Address) indicates the RADIUS server with the IPv4 address that needs to be assigned to a supplicant
connected to the switch. The switch or network access server (NAS) sends the IPv4 address of the connected supplicant as attribute 8 in
the RADIUS Access-Accept requests to the server. The NAS discovers the IPv4 address of the supplicant through Dynamic Host
Conguration Protocol (DHCP). The RADIUS server processes the attributes in the access requests and responds to the NAS based on
the requests.
Enable IPv4 and IPv6 DHCP snooping in the switch to discover a host IPv4 or IPv6 address using the attribute in the RADIUS access
requests.
To include RADIUS attribute 8 in access requests, use the following command:
DellEMC(conf)# radius-server attribute 8 include-in-access-req
Use no form on the command to remove the attribute 8 conguration.
Attribute 87
The attribute 87 indicates the RADIUS server with the NAS port to which the supplicant is connected. The NAS sends the attribute 87 to
the RADIUS server through the RADIUS access requests. By default, the access requests include the attribute 87.
Attributes 168
RADIUS attribute 168 (Framed-IPv6-Address) indicates the RADIUS server with the IPv6 address to be assigned to the supplicant. The
NAS discovers the IPv6 address of the supplicant and sends the IPv6 address as attribute 168 to the RADIUS server in the access
requests.
To include RADIUS attribute 168 in access requests, use the following command:
DellEMC(conf)# radius-server attribute 168 include-in-access-req
Use no form on the command to remove the attribute 168 conguration.
Security
791