Modify RADIUS Server Settings

About this task

Change a specified RADIUS server value without having to delete the server and recreate it again.

RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration using CLI.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Modify a RADIUS server:

    radius server host WORD <0–46> used-by {cli|eapol|endpoint-tracking|snmp|web} [key WORD<0-32>] [port 1-65536] [priority <1-10>] [retry <0-6>] [timeout <1-180>] [enable] [acct-port <1-65536>] [acct-enable] [source-ip WORD <0–46>]

Example

Modify a RADIUS server:

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#radius server host 4717:0000:0000:0000:0000:0000:7933:0001 used-by snmp port 12 retry 5 timeout 10 enable

Variable Definitions

The following table defines parameters for the radius server host command.

Variable

Value

used-by {cli|eapol|endpoint-tracking|snmp|web}

Configures how the server functions:

  • cli—configure the server for CLI authentication.

  • eapol—configure the server for EAPoL authentication.

  • endpoint-tracking—configure the server for Endpoint Tracking authentication.

  • snmp—configure the server for SNMP accounting.

  • web—configure the server for HTTP(s) authentication.

Use the no option to remove a host server: no radius server host WORD<0–46> used-by {cli|eapol|endpoint-tracking|snmp|web}. The default is cli. The default command is: default radius server host WORD<0–46> used-by {cli|eapol|endpoint-tracking|snmp|web}.

host WORD <0–46>

Configures a host server. WORD <0–46> signifies an IPv4 address in the format A.B.C.D or an IPv6 address in the format x:x:x:x:x:x:x:x. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration using CLI.

acct-enable

Enables RADIUS accounting on this server. The system enables RADIUS accounting by default.

acct-port <1-65536>

Configures the UDP port of the RADIUS accounting server (1 to 65536). The default value is 1813.
Important:

The UDP port value set for the client must match the UDP value set for the RADIUS server.

enable

Enables the RADIUS server. The default is true.

key WORD<0–32>

Configures the secret key of the authentication client.

port <1-65536>

Configures the UDP port of the RADIUS authentication server. The default value is 1812.

priority <1–10>

Configures the priority value for this server. The default is 10.

retry <0–6>

Configures the number of authentication retries the server will accept. The default is 3.

secure-enable

Note:

Exception: not supported on VSP 8600 Series.

Enable RADIUS Security (RADSec).

secure-log-level

Note:

Exception: not supported on VSP 8600 Series.

Specifies the log severity level. Possible values are :

  • critical

  • debug

  • error

  • info

  • warning

secure-mode

Note:

Exception: not supported on VSP 8600 Series.

Specifies the protocol used for secure connection to the server.

secure-profile

Note:

Exception: not supported on VSP 8600 Series.

Configures the secure profile for the server.

source-ip WORD <0–46>
Note:

Exception: only supported on VSP 8600 Series.

Configures an IP address as the source address when transmitting RADIUS packets. To use this option, you must have the global RADIUS sourceip-flag set to true. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration using CLI.

timeout <1–180>

Configures the number of seconds before the authentication request times out. The default is 8.