Administrator Guide
Security Commands 942
radius-server key
Use the radius-server key command in Global Configuration mode to set the
authentication and encryption key for all RADIUS communications between
the switch and the RADIUS server. Use the no form of the command to
disable the key.
Syntax
radius-server key [ 0 | 7 ]
key-string
no radius-server key
• 0—The key string that follows is the unencrypted shared secret. The
length is 1–256 characters.
• 7—The key string that follows is the encrypted shared secret. The length is
32 characters.
•
key-string
— The key string in encrypted or unencrypted form. In
encrypted form, it must be 256 bits/32 characters in length. In
unencrypted form, it may be up to 256 characters in length.
Default Configuration
The default is an empty string.
Command Mode
Global Configuration
User Guidelines
In an Access-Request, encrypted passwords are sent using the RSA Message
Digest algorithm (MD5). MD5 always transmits the encrypted password in 32
characters.
If no encryption parameter (7 or encrypted) is present, the key string is
interpreted as an unencrypted shared secret.
Keys are always displayed in their encrypted form in the running
configuration.
The encryption algorithm is the same across switches. Encrypted passwords
may be copied from one switch and pasted into another switch and will send
the same MD5 encrypted password over the wire.
2CSNXXX_SWUM204.book Page 942 Monday, January 25, 2016 1:25 PM