Configuring the Authentication Server

There are four aspects to configuring the authentication server:

State enables or disables the RADIUS client for this switch.
Establishment values configure a timer setting the length of time before retries, as well as the number of retries, before the switch determines the authentication server is down and attempts to establish with the next server in its list.
Server identification provides for the configuration of the server IP address and index value. The index determines the order in which the switch will attempt to establish a session with an authentication server. After setting the index and IP address you are prompted to enter a secret value for this authentication server. Any authentication requests to this authentication server must present the correct secret value to gain authentication.
The realm provides for configuration scope for this server: management access, network access, or both.

The S- K- and 7100-Series firmware supports the configuration of multiple ASs. The lowest index value associated with the server determines the primary server. If the primary server is down, the operational server with the next lowest index value is used. If the switch fails to establish contact with the authentication server before a configured timeout, the switch will retry for the configured number of times.

Servers can be restricted to management access or network access authentication by configuring the realm option.

Authentication Server Configuration describes authentication server configuration.

Authentication Server Configuration

Step	Task	Command(s)
1	Configure the index value, IP address, and secret value for this authentication server.	set radius server index ip-address [secret-value]
2	Optionally set maximum number of sticky round robin authentication sessions allowed for either the specified RADIUS server or all RADIUS servers	set radius max-sessions max-sessions {index \| all}
3	Optionally set the number of seconds the switch will wait before retrying authentication server establishment.	set radius timeout timeout
4	Optionally set the number of retries that will occur before the switch declares an authentication server down.	set radius retries retries
5	Optionally set the authentication server configuration scope to management access, network access, or both for all or the specified authentication server.	set radius realm {management-access \| network-access \| any} {as-index \| all}
6	Optionally set the RADIUS authentication algorithm method for RADIUS server selection.	set radius algorithm {standard \| round-robin \| sticky-round-robin}
7	Globally enable or disable RADIUS on the switch.	set radius {enable \| disable}
8	Reset the specified RADIUS setting to its default value.	clear radius {[state] [retries] [timeout] [server [index \| all] [realm {index \| all}]
9	Display the current RADIUS authentication server settings.	show radius [state \| retries \| authtype \| timeout \| server [index \| all]]

Published May 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback