Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentAlpine 3800 FM-24MFi

16 ExtremeWare 7.3.1b3 Release Notes

Overview

Configuring a RADIUS Server for Network Login Users (Wired and Wireless)

If you want to configure RADIUS for Network Login users only and do not want to configure RADIUS

for management access, do the following:

1 Configure the first primary or secondary RADIUS server.

2 Configure the second primary or secondary RADIUS server using a fictitious IP address.

3 Configure authentication to the fictitious IP address using the

config auth mgmt-access radius

command.

4 Login to the switch. RADIUS authentication will always fail, causing the switch to time out and go

to the local account. Authentication is performed at the local account.

Management Access with RADIUS Enabled

Switch management access must use RADIUS for authentication when RADIUS is enabled on the

switch.

Workaround: If you want to use local authentication for management access, you should configure

invalid RADIUS servers (both primary and secondary) for management access. This will cause RADIUS

authentication to timeout and fall back to local authentication. This feature works as designed today

and will be enhanced in a future release.

RADIUS Examples

Example 1:

config radius primary server 10.201.30.8 client-ip 10.201.56.3

config radius secondary server 10.201.30.9 client-ip 10.201.56.3

config radius primary server 1.1.1.1 client-ip 10.201.56.3

config radius primary shared-secret secret

config radius secondary shared-secret secret

enable radius

configure auth netlogin radius primary 10.201.30.8 secondary 10.201.30.9

config auth mgmt-access radius primary 1.1.1.1

Output 1:

* mars:32 # show radius

Radius: enabled

Primary Radius server shared-secret "qijxou"

Secondary Radius server shared-secret "qijxou"

Radius Server Connect Timeout sec 3

Radius servers:

Server name: 10.201.30.8

Server type: Primary

IP address: 10.201.30.8

Server IP Port: 1645

Client address: 10.201.56.3

Radius Server Connect Timeout sec: 3

Shared secret: qijxou

Access Requests: 0 Access Accepts: 0 Access Rejects: 0

Access Challenges: 0 Access Retransmits: 0 Client timeouts: 0

Bad authenticators: 0 Unknown types: 0 Round Trip Time: 0 sec(s)

Server name: 10.201.30.9

Server type: Secondary