You can use RADIUS authentication to have a remote server authenticate logons. The RADIUS server also provides access authority. RADIUS assists network security and authorization by managing a database of users. The device uses this database to verify user names and passwords, as well as information about the type of access priority available to the user.
When the RADIUS client sends an authentication request requesting additional information such as a SecurID number, it sends it as a challenge-response. Along with the challenge-response, it sends a reply-message attribute. The reply-message is a text string, such as "Please enter the next number on your SecurID card:". The RFC-defined maximum length of each reply-message attribute is 253 characters. If you have multiple instances of reply-message attributes that together form a large message that displays to the user, the maximum length is 2000 characters.
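The reply-message handling described above, as an added example that is not part of the original documentation: it parses a constructed Access-Challenge, joins every Reply-Message instance in order, and applies the 253 and 2000 character limits. Packet code 11 and attribute types 18 and 24 come from RFC 2865; the function names are hypothetical, and truncating at 2000 characters (rather than rejecting the message) is an assumption.

```python
import struct

ACCESS_CHALLENGE = 11   # RADIUS packet code (RFC 2865)
REPLY_MESSAGE = 18      # Reply-Message attribute type (RFC 2865)
MAX_ATTR_TEXT = 253     # per-attribute limit: 1-octet length field minus 2-octet header
MAX_PROMPT = 2000       # combined display limit stated in the text above

def build_packet(code, ident, attrs):
    """Build a constructed RADIUS packet; the authenticator is zeroed sample data."""
    body = b""
    for attr_type, value in attrs:
        if len(value) > MAX_ATTR_TEXT:
            raise ValueError("attribute value exceeds 253 octets")
        body += bytes([attr_type, len(value) + 2]) + value
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return (code, [(type, value), ...]), rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, attrs

def challenge_prompt(packet):
    """Join all Reply-Message instances in order; cap at 2000 chars (assumed policy)."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_CHALLENGE:
        raise ValueError("not an Access-Challenge")
    text = "".join(v.decode("utf-8", "replace") for t, v in attrs if t == REPLY_MESSAGE)
    return text[:MAX_PROMPT]

# Constructed sample: two Reply-Message instances around a State (24) attribute.
SAMPLE = build_packet(ACCESS_CHALLENGE, 1, [
    (REPLY_MESSAGE, b"Please enter the next number "), (24, b"constructed-state"),
    (REPLY_MESSAGE, b"on your SecurID card:")])
```

Validating every length field before slicing matters here because the prompt text comes from the network and is shown to the user before authentication completes.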
You can use additional user names to access the device, in addition to the six existing user names of ro, L1, L2, L3, rw, and rwa. The RADIUS server authenticates the user name and assigns one of the existing access priorities to that name. Unauthenticated user names are denied access to the device. You must add user names ro, L1, L2, L3, rw, and rwa to the RADIUS server if you enable authentication. Users not added to the server are denied access.
Usernames for users logging in to the CLI or EDM configured with RADIUS authentication are limited to 64 characters.
Note
RADIUS server used‐by snmp does not support authentication.
The following list shows the user configurable options of the RADIUS feature:
Up to 10 RADIUS servers in each device for fault tolerance (each server is assigned a priority and is contacted in that order).
A secret key for each server to authenticate the RADIUS client
The server UDP port
Maximum retries allowed
Time-out period for each attempt
Note
Administrator
Privilege
Operator
Auditor
Security
The switch associates each username with a certain role and appropriate authorization rights to view and configure commands. For more information on system access fundamentals and configuration, see System Access.