Switch User Manual
User Authentication Commands
21-6
21
RADIUS Client
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication
protocol that uses software running on a central server to control access to
RADIUS-aware devices on the network. An authentication server contains a
database of multiple user name/password pairs with associated privilege levels for
each user or group that require management access to a switch.
radius-server host
This command specifies primary and backup RADIUS servers and authentication
parameters that apply to each server. Use the no form to restore the default values.
Syntax
[no] radius-server index host {host_ip_address | host_alias}
[auth-port auth_port] [timeout timeout] [retransmit retransmit] [key key]
• index - Allows you to specify up to five servers. These servers are queried
in sequence until a server responds or the retransmit period expires.
• host_ip_address - IP address of server.
• host_alias - Symbolic name of server. (Maximum length: 20 characters)
• port_number - RADIUS server UDP port used for authentication
messages. (Range: 1-65535)
• timeout - Number of seconds the switch waits for a reply before resending
a request. (Range: 1-65535)
• retransmit - Number of times the switch will try to authenticate logon access
via the RADIUS server. (Range: 1-30)
• key - Encryption key used to authenticate logon access for client. Do not
use blank spaces in the string. (Maximum length: 48 characters)
Default Setting
• auth-port - 1812
• timeout - 5 seconds
• retransmit - 2
Command Mode
Global Configuration
Table 21-5 RADIUS Client Commands
Command Function Mode Page
radius-server host Specifies the RADIUS server GC 21-6
radius-server port Sets the RADIUS server network port GC 21-7
radius-server key Sets the RADIUS encryption key GC 21-7
radius-server retransmit Sets the number of retries GC 21-8
radius-server timeout Sets the interval between sending authentication requests GC 21-8
show radius-server Shows the current RADIUS settings PE 21-8