Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T
731732733734735736737738739740
NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used
independent of authentication. However, if you have congured RADIUS authorization and have not congured
authentication, a message is logged stating this. During authorization, the next method in the list (if present) is used, or
if another method is not present, an error is reported.
To view the conguration, use the show config in LINE mode or the show running-config command in EXEC Privilege
mode.
Dening a AAA Method List to be Used for RADIUS
To congure RADIUS to authenticate or authorize users on the system, create a AAA method list.
Default method lists do not need to be explicitly applied to the line, so they are not mandatory.
To create a method list, use the following commands.
Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication
method.
CONFIGURATION mode
aaa authentication login method-list-name radius
Create a method list with RADIUS and TACACS+ as authorization methods.
CONFIGURATION mode
aaa authorization exec {method-list-name | default} radius tacacs+
Typical order of methods: RADIUS, TACACS+, Local, None.
If RADIUS denies authorization, the session ends (RADIUS must not be the last method specied).
Applying the Method List to Terminal Lines
To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.
To congure a terminal line for RADIUS authentication and authorization, use the following commands.
Enter LINE mode.
CONFIGURATION mode
line {aux 0 | console 0 | vty number [end-number]}
Enable AAA login authentication for the specied RADIUS method list.
LINE mode
login authentication {method-list-name | default}
This procedure is mandatory if you are not using default lists.
To use the method list.
CONFIGURATION mode
authorization exec methodlist
Specifying a RADIUS Server Host
When conguring a RADIUS server host, you can set dierent communication parameters, such as the UDP port, the key password,
the number of retries, and the timeout.
To specify a RADIUS server host and congure its communication parameters, use the following command.
Enter the host name or IP address of the RADIUS server host.
CONFIGURATION mode
radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries]
[timeout seconds] [key [encryption-type] key]
Security
737