Modify RADIUS Server Settings
About this task
Change a specified RADIUS server value without deleting and recreating the server.
Procedure
Example
Modify a RADIUS server:
Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch:1(config)#radius server host 4717:0000:0000:0000:0000:0000:7933:0001 used-by snmp port 12 retry 5 timeout 10 enable
Variable Definitions
The following table defines parameters for the radius server host command.
Variable | Value
---|---
host WORD<0–113> | Configures a host server. WORD<0–113> specifies the IPv4 address, IPv6 address, or fully qualified domain name (FQDN). If you use an FQDN, you must also configure the switch to use DNS.
acct-enable | Enables RADIUS accounting on this server. The system enables RADIUS accounting by default.
acct-port <1-65536> | Configures the UDP port of the RADIUS accounting server. The default value is 1813. Important: The UDP port value set for the client must match the UDP value set for the RADIUS server.
enable | Enables the RADIUS server. The default is true.
key WORD<0–32> | Configures the secret key of the authentication client.
port <1-65536> | Configures the UDP port of the RADIUS authentication server. The default value is 1812.
priority <1–10> | Configures the priority value for this server. The default is 10.
retry <0–6> | Configures the number of authentication retries the server will accept. The default is 1.
secure-enable | Enable RADIUS Security (RADSec).
secure-log-level <critical \| debug \| error \| info \| warning> | Specifies the log severity level. The default is error.
secure-mode <dtls \| tls> | Specifies the protocol for establishing the secure connection with the server. The possible values are: The default is TLS. Important: To avoid TLS handshake issues if the switch and RADsec proxy server run different versions of OpenSSL, manually force TLS version 2 negotiation through the RADsec proxy by adding the following text to the radsecproxy.conf configuration file: tls default{ ... TlsVersion TLS1_2 }
secure-ocsp | Enable RADIUS Online Certificate Status Protocol (OCSP) checking. The default is disabled.
secure-profile WORD<1-16> | Configures the secure profile for the server.
timeout <1–180> | Configures the number of seconds before the authentication request times out. The default is 8.
used-by {cli \| eapol \| endpoint-tracking \| snmp \| web} | Configures how the server functions: The default is cli.
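
The limits in the table above can be checked mechanically when reviewing switch configurations. The following script is an added example, not vendor code: it parses radius server host lines, validates each parameter against the table, and reports servers that do not request RADSec or OCSP checking. It assumes each line is a complete command in the syntax shown on this page and that a keyword absent from the line is not set; the function name audit and the second sample line are constructed for illustration.

```python
import re

# Limits copied from the Variable Definitions table on this page.
RANGES = {"acct-port": (1, 65536), "port": (1, 65536), "priority": (1, 10),
          "retry": (0, 6), "timeout": (1, 180)}
CHOICES = {"secure-mode": {"dtls", "tls"},
           "secure-log-level": {"critical", "debug", "error", "info", "warning"},
           "used-by": {"cli", "eapol", "endpoint-tracking", "snmp", "web"}}
MAXLEN = {"key": 32, "secure-profile": 16}      # maximum WORD lengths
FLAGS = {"acct-enable", "enable", "secure-enable", "secure-ocsp"}

def audit(line):
    """Parse one 'radius server host' command; return (host, params, findings)."""
    m = re.search(r"radius server host (\S+)(.*)", line)
    if not m:
        raise ValueError("not a 'radius server host' command")
    host, params, findings = m.group(1), {}, []
    tokens = iter(m.group(2).split())
    for name in tokens:
        if name in FLAGS:                       # keyword that takes no value
            params[name] = True
        elif name in RANGES:
            value = params[name] = next(tokens, "")
            lo, hi = RANGES[name]
            if not (value.isdecimal() and lo <= int(value) <= hi):
                findings.append(f"{name} {value!r} outside {lo}-{hi}")
        elif name in CHOICES:
            value = params[name] = next(tokens, "")
            if value not in CHOICES[name]:
                findings.append(f"{name} {value!r} is not an allowed value")
        elif name in MAXLEN:
            value = params[name] = next(tokens, "")
            if len(value) > MAXLEN[name]:
                findings.append(f"{name} longer than {MAXLEN[name]} characters")
        else:
            findings.append(f"unknown parameter {name!r}")
    # Posture checks (assumption: a keyword absent from the line is not set).
    if "secure-enable" not in params:
        findings.append("secure-enable absent: RADSec not requested")
    elif "secure-ocsp" not in params:
        findings.append("secure-ocsp absent: no OCSP revocation check")
    return host, params, findings

SAMPLES = [  # constructed input: the page's example line plus one invented line
    "radius server host 4717:0000:0000:0000:0000:0000:7933:0001 used-by snmp port 12 retry 5 timeout 10 enable",
    "radius server host 192.0.2.10 used-by eapol retry 9 secure-enable secure-mode ssl",
]
for sample in SAMPLES:
    print(audit(sample)[2])
```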