Modify a RADIUS Configuration
About this task
Use this procedure to modify an existing RADIUS configuration or single function such as retransmissions and RADIUS accounting.
RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration in all except the following case. When modifying a RADIUS configuration in Enterprise Device Manager (EDM), you must specify if the address type is an IPv4 or an IPv6 address.
Procedure
- In the navigation pane, expand .
- Select RADIUS.
- Select the RADIUS Servers tab.
- In the row and field to modify, type the information or use the lists to make a selection. Access the lists by double-clicking in a field.
- Select Apply.
RADIUS Servers Field Descriptions
Use the data in the following table to use the RADIUS Servers tab.
Name |
Description |
---|---|
AddressType |
Specifies the address type as either an IPv4 address, IPv6 address, or dns for a Fully Qualified Domain Name (FQDN). |
Address |
Specifies the IP address or FQDN of the RADIUS server. |
UsedBy |
Configures how the server functions:
The default is cli. |
Priority |
Specifies the priority of each server, or the order of servers to send authentication. The default is 10. |
TimeOut |
Specifies the time interval in seconds before the client retransmits the packet. The default is 8. |
Enable |
Enables or disables authentication on the server. The default is true. |
MaxRetries |
Specifies the maximum number of retransmissions allowed. The default is 1. |
UdpPort |
Specifies the UDP port that the client uses to send requests to the server. The default value is 1812. The UDP port value set for the client must match the UDP value set for the RADIUS server. |
SecretKey |
Specifies the RADIUS server secret key, which is the password used by the client to be validated by the server. |
AcctEnable |
Enables or disable RADIUS accounting. The default is true. |
AcctUdpPort |
Specifies the UDP port of the RADIUS accounting server. The default value is 1813. The UDP port value configured for the client must match the UDP value configured for the RADIUS server. |
SecureEnable |
Enable RADIUS Security (RADSec). The default is disabled. |
SecureMode |
Specifies the RADSec security mode. Possible values are:
The default is tls. Important:
To avoid TLS handshake issues if the switch and RADsec proxy
server run different versions of OpenSSL, manually force TLS
version 2 negotiation through the RADsec proxy by adding the
following text to the radsecproxy.conf configuration file:
tls default{ ... TlsVersion TLS1_2 } |
SecureProfile |
Specifies the name of the secure profile. |
SecureLogLevel |
Specifies the log severity level. Possible values are :
The default is error. |