There are four aspects to configuring the authentication server:
The S- K- and 7100-Series firmware supports the configuration of multiple ASs. The lowest index value associated with the server determines the primary server. If the primary server is down, the operational server with the next lowest index value is used. If the switch fails to establish contact with the authentication server before a configured timeout, the switch will retry for the configured number of times.
Servers can be restricted to management access or network access authentication by configuring the realm option.
Authentication Server Configuration describes authentication server configuration.
Step | Task | Command(s) |
---|---|---|
1 | Configure the index value, IP address, and secret value for this authentication server. | set radius server index ip-address [secret-value] |
2 | Optionally set maximum number of sticky round robin authentication sessions allowed for either the specified RADIUS server or all RADIUS servers | set radius max-sessions max-sessions {index | all} |
3 | Optionally set the number of seconds the switch will wait before retrying authentication server establishment. | set radius timeout timeout |
4 | Optionally set the number of retries that will occur before the switch declares an authentication server down. | set radius retries retries |
5 | Optionally set the authentication server configuration scope to management access, network access, or both for all or the specified authentication server. | set radius realm {management-access | network-access | any} {as-index | all} |
6 | Optionally set the RADIUS authentication algorithm method for RADIUS server selection. | set radius algorithm {standard | round-robin | sticky-round-robin} |
7 | Globally enable or disable RADIUS on the switch. | set radius {enable | disable} |
8 | Reset the specified RADIUS setting to its default value. | clear radius {[state] [retries] [timeout] [server [index | all] [realm {index | all}] |
9 | Display the current RADIUS authentication server settings. | show radius [state | retries | authtype | timeout | server [index | all]] |