Note
It is recommended to enable loopback mode on the VLAN associated with radius if the radius connectivity is established via a front panel port on a SummitStack.mgmt-access | Specifies the RADIUS authentication server for switch management. |
netlogin | Specifies the RADIUS authentication server for network login. |
primary | Configures the primary RADIUS authentication server. |
secondary | Configures the secondary RADIUS authentication server. |
index | RADIUS server index. Range: 1 - 2147483641. |
host_ipaddr | The IP address of the server being configured. |
host_ipV6addr | Server IPv6 address. |
hostname | The host name of the server being configured. |
udp_port | The UDP port to use to contact the RADIUS authentication server. |
tls | Specifies using Transfer Layer Security (TLS). |
tls_port | The TLS port to use to contact the RADIUS authentication server. |
ipaddress | The IP address used by the switch to identify itself when communicating with the RADIUS authentication server. |
client_ipV6addr | Client IPv6 address. |
vr_name | Specifies the virtual router
on which the client IP is located. Note: User-created VRs are supported only on the platforms listed for
this feature in the
Switch Engine v33.1.1 Licensing Guide
document.
|
shared-secret | Shared secret |
secret |
Secret string. Important: Use quotes to enclose the string. Failure
to do so causes the CLI to treat the string as a comment,
since the string starts with a"#" symbol.
|
encrypted | Password is encrypted. |
Use this command to specify RADIUS server information.
Use of the hostname parameter requires that DNS be enabled.
The RADIUS server defined by this command is used for user name authentication and CLI command authentication.
Beginning with ExtremeXOS 11.2, you can specify one pair of RADIUS authentication servers for switch management and another pair for network login. To specify RADIUS authentication servers for switch management (Telnet, SSH, and console sessions), use the mgmt-access keyword. To specify RADIUS authentication servers for network login, use the netlogin keyword. If you do not specify a keyword, switch management and network login use the same pair of RADIUS authentication servers.
If you are running ExtremeXOS 11.1 or earlier and upgrade to ExtremeXOS 11.2, you do not lose your existing RADIUS server configuration. Both switch management and network login use the RADIUS authentication server specified in the older configuration.
Specifying mgmt-access or netlogin before the index will create a RADIUS entry with only that realm specified, if neither are specified both realms will be enabled.
Note
You cannot use a stacking alternate IP address as the RADIUS client in primary RADIUS server configuration.The following example configures the primary RADIUS server on host radius1 using the default UDP port (1812) for use by the RADIUS client on switch 10.10.20.30 using a virtual router interface of VR-Default:
configure radius primary server radius1 client-ip 10.10.20.30 vr vr-Default
The following example configures the primary RADIUS server for network login authentication on host netlog1 using the default UDP port for use by the RADIUS client on switch 10.10.20.31 using, by default, the management virtual router interface:
configure radius netlogin primary server netlog1 client-ip 10.10.20.31
This command was first available in ExtremeXOS 10.1.
The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.
The index, host_ipV6addr, client_ipV6addr, shared-secret, and encrypted keywords were added in ExtremeXOS 16.1.
The tls keyword with tls_port variable was added in ExtremeXOS 31.4.
This command is available on all Universal switches supported in this document.