Configure RADSec Secure Mode

Configure the secure mode for RADSec as either Transport Layer Security (TLS) protocol or Datagram Transport Layer Security (DTLS) protocol.

Before you begin

To avoid TLS handshake issues if the switch and RADsec proxy server run different versions of OpenSSL, manually force TLS version 2 negotiation through the RADsec proxy by adding the following text to the radsecproxy.conf configuration file:
tls default{
     ...         
     TlsVersion TLS1_2
}

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the secure mode:

    radius server host WORD<0-113> used-by {cli | eapol | endpoint-tracking | snmp | web} secure-mode {tls | dtls}