Add a RADIUS Server
About this task
Add a RADIUS server to provide RADIUS service on the switch.
RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration using CLI.
Procedure
Example
Add a RADIUS server:
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#radius server host 4717:0000:0000:0000:0000:0000:7933:0001 key testkey1 used-by snmp port 12 retry 5 timeout 10 enable
Variable Definitions
The following table defines parameters for the radius server host command.
Variable |
Value |
---|---|
used-by {cli|eapol|endpoint-tracking|snmp|web} |
Configures how the server functions:
The default is cli. |
host WORD <0–46> |
Configures a host server. WORD <0–46> signifies an IPv4 address in the format A.B.C.D or an IPv6 address in the format x:x:x:x:x:x:x:x. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration using CLI. |
acct-enable |
Enables RADIUS accounting on this server. The system enables RADIUS accounting by default. |
acct-port <1-65536> |
Configures the UDP port of the RADIUS accounting server. The
default value is 1813.
Important:
The UDP port value set for the client must match the UDP value set for the RADIUS server. |
enable |
Enables the RADIUS server. The default is true. |
key WORD<0–32> |
Configures the secret key of the authentication client. |
port <1-65536> |
Configures the UDP port of the RADIUS authentication server. The default value is 1812. |
priority <1–10> |
Configures the priority value for this server. The default is 10. |
retry <0–6> |
Configures the number of authentication retries the server will accept. The default is 3. |
secure-enable |
Enable RADIUS Security (RADSec). |
secure-log-level |
Specifies the log severity level. Possible values are :
|
secure-mode |
Specifies the protocol used for secure connection to the server. |
secure-profile |
Configures the secure profile for the server. |
timeout <1–180> |
Configures the number of seconds before the authentication request times out. The default is 8. |