Administrator Guide
250 Authentication, Authorization, and Accounting
RADIUS Authentication Example
Use the following configuration to require RADIUS authentication to login
over a Telnet connection:
1
Create a login authentication list called “rad” that contains the method
radius. If this method returns an error, the user will fail to login:
console#config
console(config)#aaa authentication login “rad” radius
2
Create an enable authentication list called “raden” that contains the
method radius. If this method fails, then the user will fail to execute the
enable command:
console(config)#aaa authentication enable “raden” radius
3
The following command is the first step in defining a RADIUS server at IP
address 1.2.3.4. The result of this command is to place the user in radius-
server mode to allow further configuration of the server:
console(config)#radius-server host 1.2.3.4
4
Define the shared secret. This must be the same as the shared secret
defined on the RADIUS server:
console(config-radius)#key “secret”
console(config-radius)#exit
5
Enter the configuration mode for the Telnet line:
console(config)#line telnet
6
Assign the rad login authentication method list to be used for users
accessing the switch via Telnet:
console(config-telnet)#login authentication rad
7
Assign the raden enable authentication method list to be used for users
executing the enable command when accessing the switch via Telnet:
console(config-telnet)#enable authentication raden
console(config)#exit