Connectivity Guide

Usage Information The authentication key must match the key configured on the RADIUS server. You cannot enter spaces in the key.
The show running-configuration output displays both unencrypted and encrypted keys in encrypted
format. Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers using the
radius-server retransmit and radius-server timeout commands. The no version of this
command removes a RADIUS server configuration.
Example
OS10(config)# radius-server host 1.5.6.4 key secret1
Supported Releases 10.2.0E or later
radius-server host tls
Congures a RADIUS server for RADIUS over TLS user authentication and secure communication. The radsec shared key and a security
prole that uses an X.509v3 certicate is required for RADIUS over TLS authentication.
Syntax
radius-server host {hostname | ip-address} tls security-profile profile-name
[auth-port tcp-port-number] key {0 authentication-key | 9 authentication-key |
authentication-key}
Parameters
hostname — Enter the host name of the RADIUS server.
ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
tls — Enter tls to secure RADIUS server communication using the TLS protocol.
security-profile profile-name — Enter the name of an X.509v3 security profile to use with
RADIUS over TLS authentication. To configure a security profile for an OS10 application, see Security profiles.
auth-port tcp-port-number — (Optional) Enter the TCP port number that the server uses for
authentication. The range is from 0 to 65535. The default is 2083.
key 0 authentication-key — Enter the radsec shared key in plain text.
key 9 authentication-key — Enter the radsec shared key in encrypted format.
authentication-key — Enter the radsec shared key in plain text. It is not necessary to enter 0 before
the key.
Default TCP port 2083 on a RADIUS server is used for RADIUS over TLS communication.
Command Mode CONFIGURATION
Usage Information For RADIUS over TLS authentication, configure the radsec shared key on the server and OS10 switch. The show
running-configuration output displays both the unencrypted and encrypted key in encrypted format.
Configure global settings for the timeout and retransmit attempts allowed on RADIUS over TLS servers using the
radius-server retransmit and radius-server timeout commands. The no version of this
command removes a RADIUS server from RADIUS over TLS communication.
RADIUS over TLS authentication requires that X.509v3 PKI certificates are configured on a certification authority
and installed on the switch. For more information, including a complete RADIUS over TLS example, see X.509v3 certificates.
Example
OS10(config)# radius-server host 1.5.6.4 tls security-profile radius-admin key radsec
Supported Releases 10.4.3.0 or later
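The following linter is an added example, not part of the original guide: it checks radius-server host lines in a configuration template or change script against the TLS syntax above before they are pushed to a switch. Because the running configuration always shows the key in encrypted format, a key entered as key 0 or without a type exists in plain text only in the source file, which is what the check flags. The finding names, function names and the third sample line are assumptions made for this example.

```python
import re

# Grammar follows the "radius-server host ... tls" Syntax line in this section.
# Finding names and all sample values used with it are constructed.
TLS_RE = re.compile(
    r"^radius-server host (?P<host>\S+) tls security-profile (?P<profile>\S+)"
    r"(?: auth-port (?P<port>\d+))? key (?:(?P<ktype>[09]) )?(?P<key>\S+)$")
PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")

def normalize(line):
    """Collapse whitespace and drop a leading 'OS10(config)# ' style prompt."""
    return PROMPT_RE.sub("", " ".join(line.split()))

def audit_line(line):
    """Return the findings for one 'radius-server host' line."""
    line = normalize(line)
    if line.split()[3:4] != ["tls"]:
        return ["no-tls"]                  # RADIUS exchange not protected by TLS
    m = TLS_RE.match(line)
    if not m:
        return ["malformed-tls-line"]      # e.g. no security-profile, space in key
    findings = []
    if m["ktype"] != "9":
        findings.append("plaintext-key-in-source")   # 'key 0 ...' or untyped key
    if m["port"] is not None:
        port = int(m["port"])
        if port > 65535:
            findings.append("auth-port-out-of-range")
        elif port != 2083:
            findings.append("non-default-auth-port")
    return findings

def audit_config(text):
    """Map each 'radius-server host' line in text to its findings."""
    report = {}
    for raw in text.splitlines():
        line = normalize(raw)
        if line.startswith("radius-server host "):
            report[line] = audit_line(line)
    return report

if __name__ == "__main__":
    # First two lines are the examples from this section; the third is constructed.
    sample = """\
OS10(config)# radius-server host 1.5.6.4 key secret1
radius-server host 1.5.6.4 tls security-profile radius-admin key radsec
radius-server host 192.0.2.10 tls security-profile radius-admin auth-port 2083 key 9 CONSTRUCTED
"""
    for line, findings in audit_config(sample).items():
        print(findings or ["ok"], line)
```
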