Configure RADIUS Attributes
Configure RADIUS to authenticate user identity through a central database.
Procedure
Example
Configure RADIUS access priority:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#radius access-priority-attribute 192
Configure RADIUS accounting to include CLI commands:
Switch:1(config)#radius accounting include-cli-commands
Variable Definitions
The following table defines parameters for the radius command.
Variable |
Value |
---|---|
access-priority-attribute <192-240> |
Specifies the value of the access priority attribute. The default is 192. |
accounting {attribute-value <192-240>|enable|include-cli-commands} |
Configures the accounting attribute value, enable accounting, or configure if accounting includes CLI commands. The default is false. |
auth-info-attr-value <0-255> |
Specifies the value of the authentication information attribute.The default is 91. |
clear-stat |
Clears RADIUS statistics. |
cli-cmd-count <1–40> |
Specifies how many CLI commands before the system sends a RADIUS accounting interim request. The default value is 40. |
cli-commands-attribute <192-240> |
Specifies the value of CLI commands attribute. The default is 195. |
cli-profile |
Enable RADIUS CLI profiling. CLI profiling grants or denies access to users being authenticated by way of the RADIUS server. You can add a set of CLI commands to the configuration on the RADIUS server, and you can specify the command-access more for these commands. The default is false. |
command-access-attribute <192-240> |
Specifies the value of the command access attribute. The default is 194. |
enable |
Enable RADIUS authentication globally on the switch. |
maxserver <1-10> |
Specific to RADIUS authentication, configures the maximum number of servers allowed for the device. The default is 10. |
mcast-addr-attr-value <0-255> |
Specifies the value of the multicast address attribute. The default is 90. |
secure-flag |
Specifies whether RADIUS Security (RADSec) is globally enabled. The default is disabled. |
secure-profile |
Specifies the RADSec profile name. |
server host WORD<0–46> key WORD<0–32> [used-by {cli|snmp|web} [acct-enable] [acct-port <1–65536> ] [enable] [port <1–65536> ] [priority <1–10> ] [retry <0–6>secure-enablesecure-log-level {critical | debug | error | info | warning}secure-mode{dtls | tls}secure-profileWORD<1-16> ] [timeout <1–60> ] |
|