Command Reference Guide
Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 90
The following table describes the RADIUS Server Configuration Menu options.
Table 82 RADIUS Server Configuration Menu options
Command
Description
prisrv <IP address>
<-mgt|-data>
Sets the primary RADIUS server address.
secsrv <IP address>
<-mgt|-data>
Sets the secondary RADIUS server address.
secret <1-32 characters>
This is the shared secret between the switch and the RADIUS
server(s).
secret2 <1-32 characters>
This is the secondary shared secret between the switch and the
RADIUS server(s).
port <UDP port number>
Enter the number of the User Datagram Protocol (UDP) port to
be configured, between 1500-3000. The default is 1645.
retries <1-3>
Sets the number of failed authentication requests before
switching to a different RADIUS server. The range is 1-3 requests
The default is 3 requests.
timeout <1-10>
Sets the amount of time, in seconds, before a RADIUS server
authentication attempt is considered to have failed. The range
is 1-10 seconds. The default is 3 seconds.
bckdoor enable|disable
Enables or disables the RADIUS back door for telnet/SSH/
HTTP/HTTPS. The default value is disabled. This command does
not apply when secure backdoor (secbd) is enabled.
secbd enable|disable
Enables or disables the RADIUS back door using secure password
for telnet/SSH/ HTTP/HTTPS. The default value is disabled. This
command does not apply when backdoor (telnet) is enabled.
on
Enables the RADIUS server.
off
Disables the RADIUS server. This is the default.
cur
Displays the current RADIUS server parameters.
IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting
via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can
connect using noradius and the administrator password even if the backdoor (bckdoor) or secure
backdoor (secbd) are disabled.
If Telnet backdoor is enabled (bckdoor ena), type in noradius as a backdoor to bypass RADIUS
checking, and use the administrator password to log into the switch. The switch allows this even if
RADIUS servers are available.
If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS
checking, and use the administrator password to log into the switch. The switch allows this only if
RADIUS servers are not available.
TACACS+ server configuration
Command: /cfg/sys/tacacs+
[TACACS+ Server Menu]
prisrv - Set IP address of primary TACACS+ server
secsrv - Set IP address of secondary TACACS+ server
secret - Set secret for primary TACACS+ server
secret2 - Set secret for secondary TACACS+ server
port - Set TACACS+ port number
retries - Set number of TACACS+ server retries
timeout - Set timeout value of TACACS+ server retries
bckdoor - Enable/disable TACACS+ backdoor for telnet/ssh/http/hhtps
secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https
cmap - Enable/disable TACACS+ new privilege level mapping
usermap - Set user privilege mappings
on - Enable TACACS+ authentication
off - Disable TACACS+ authentication
cur - Display current TACACS+ settings
TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a
remote access server to forward a user's logon password to an authentication server to determine