Configure an EAP-enabled RADIUS Server

The switch uses RADIUS servers for authentication and accounting services. Use the no form to delete a RADIUS server.

Before you begin

  • You must enable EAP globally.

About this task

The RADIUS server uses the secret key to validate users.

RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Add an EAP-enabled RADIUS server:

    radius server host WORD<0-46> used-by eapol acct-enable

    radius server host WORD<0-46> used-by eapol acct-port <1-65536>

    radius server host WORD<0-46> used-by eapol enable

    radius server host WORD<0-46> used-by eapol key WORD<0-20>

    radius server host WORD<0-46> used-by eapol port <1-65536>

    radius server host WORD<0-46> used-by eapol priority <1-10>

    radius server host WORD<0-46> used-by eapol retry <0-6>

    radius server host WORD<0-46> used-by eapol secure-enable

    radius server host WORD<0-46> used-by eapol secure-log-level

    radius server host WORD<0-46> used-by eapol secure-mode

    radius server host WORD<0-46> used-by eapol secure-profile

    radius server host WORD<0-46> used-by eapol source-ip WORD<0-46>

    radius server host WORD<0-46> used-by eapol timeout <1-180>

    By default, the switch uses RADIUS UDP port 1812 for authentication, and port 1813 for accounting. You can change the port numbers or other RADIUS server options.

Example

Switch:1> enable

Switch:1# configure terminal

Add an EAP RADIUS server:

Switch:1(config)# radius server host fe80:0:0:0:21b:4fff:fe5e:73fd key radiustest used-by eapol

Variable Definitions

The following table defines parameters to configure an EAP-enabled RADIUS server with the radius server host command.

Variable
    Value

host WORD<0-46>
    Specifies the IP address of the selected server. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration.

WORD<0-20>
    Specifies the secret key, which is a string of up to 20 characters.

The following table defines parameters to use optional arguments of the radius server host command.

Variable
    Value

port <1-65535>
    Specifies the port ID number.

priority <1-10>
    Specifies the priority number. The lowest number is the highest priority.

retry <0-6>
    Specifies the retry count of the account.

timeout <1-180>
    Specifies the timeout of the server. The default is 30.

enable
    Enables the functions used by the RADIUS server host.

acct-port <1-65536>
    Specifies the accounting port.

acct-enable
    Enables accounting.

secure-enable
    Enables secure mode on the server.

secure-log-level
    Specifies the RADIUS secure server log severity level. Possible values are:

      • critical
      • debug
      • error
      • info
      • warning

secure-mode
    Specifies the protocol for establishing the secure connection with the server.

secure-profile
    Specifies the secure profile name.

source-ip WORD<0-46>
    Specifies the IP source. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration.

    Note: Exception: only supported on VSP 8600 Series.
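
An added example, not part of the vendor documentation: a Python check that merges the radius server host lines of a configuration file per server and reports values outside the ranges listed above, short keys, and EAP servers without secure-enable. The 16-character minimum key length, clear-text keys in the reviewed file, and the sample addresses and keys are assumptions made for this example.

```python
import ipaddress

# Ranges from the variable definitions above (UDP ports end at 65535).
RANGES = {"port": (1, 65535), "acct-port": (1, 65535), "priority": (1, 10),
          "retry": (0, 6), "timeout": (1, 180)}
VALUED = set(RANGES) | {"key", "used-by", "secure-log-level", "secure-mode",
                        "secure-profile", "source-ip"}
MIN_KEY_LEN = 16  # assumed local policy, not a vendor requirement

def audit_config(text):
    """Merge options per RADIUS host across lines; return {host: [findings]}."""
    hosts = {}
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:3] != ["radius", "server", "host"] or len(tokens) < 4:
            continue
        opts = hosts.setdefault(tokens[3], {})
        rest = iter(tokens[4:])
        for tok in rest:
            # Valued options consume the next token; the rest are flags.
            opts[tok] = next(rest, "") if tok in VALUED else True
    report = {}
    for host, opts in hosts.items():
        if opts.get("used-by") != "eapol":
            continue  # this check covers EAP servers only
        found = []
        try:
            ipaddress.ip_address(host)
        except ValueError:
            found.append("host is not an IPv4/IPv6 address")
        for name, (lo, hi) in RANGES.items():
            val = opts.get(name)
            if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
                found.append(f"{name} {val} outside <{lo}-{hi}>")
        key = opts.get("key", "")
        if len(key) > 20:
            found.append("key longer than 20 characters")
        elif len(key) < MIN_KEY_LEN:
            found.append(f"key shorter than {MIN_KEY_LEN} characters")
        if "secure-enable" not in opts:
            found.append("secure-enable not set")
        report[host] = found
    return report

# Constructed sample configuration (documentation addresses, constructed keys).
SAMPLE = """\
radius server host 192.0.2.10 key radiustest used-by eapol timeout 200
radius server host 2001:db8::5 key Xq7-pL2v_9sRw4Tz used-by eapol
radius server host 2001:db8::5 used-by eapol secure-enable
"""
```

Calling audit_config(SAMPLE) returns three findings for 192.0.2.10 and none for 2001:db8::5, whose options are merged from two lines.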