Add a RADIUS Server

About this task

Add a RADIUS server to allow RADIUS service on the switch.

Remote Dial-In User Services (RADIUS) supports both IPv4 and IPv6 addresses, with no differences in functionality or configuration in all but the following case. When adding a RADIUS server or updating a RADIUS server in Enterprise Device Manager (EDM) you must specify if the address type is an IPv4 or an IPv6 address.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click RADIUS.
  3. Click the RADIUS Servers tab.
  4. Click Insert.
  5. Configure the server as required.
  6. Click Insert.

RADIUS Servers Field Descriptions

Use the data in the following table to use the RADIUS Servers tab.

Name

Description

AddressType

Specifies either an IPv4 or an IPv6 address. RADIUS supports IPv4 and IPv6 addresses.

Address

Specifies the IP address of the RADIUS server. RADIUS supports IPv4 and IPv6 addresses.

UsedBy

Configures how the server functions:

  • cli—configure the server for CLI authentication.

  • eapol—configure the server for EAPoL authentication.

  • endpointTracking—configure the server for Endpoint Tracking authentication.

  • snmp—configure the server for SNMP accounting.

  • web—configure the server for HTTP(s) authentication.

The default is cli.

Priority

Specifies the priority of each server, or the order of servers to send authentication. The default is 10.

TimeOut

Specifies the time interval in seconds before the client retransmits the packet. The default is 8.

Enable

Enables or disables authentication on the server. The default is true.

MaxRetries

Specifies the maximum number of retransmissions allowed. The default is 1.

UdpPort

Specifies the UDP port that the client uses to send requests to the server. The default value is 1812.

The UDP port value set for the client must match the UDP value set for the RADIUS server.

SecretKey

Specifies the RADIUS server secret key, which is the password used by the client to be validated by the server.

AcctEnable

Enables or disable RADIUS accounting. The default is true.

AcctUdpPort

Specifies the UDP port of the RADIUS accounting server. The default value is 1813.

The UDP port value configured for the client must match the UDP value configured for the RADIUS server.

SecureEnable

Note:

Exception: not supported on VSP 8600 Series.

Enable RADIUS Security (RADSec).

SecureMode

Note:

Exception: not supported on VSP 8600 Series.

Specifies the RADSec security mode. Possible values are:

  • tls - Transport Layer Security (TLS) encryption over Transmission Control Protocol (TCP)
  • dtls - Datagram Transport Layer Security (DTLS) encryption over User Datagram Protocol (UDP)

The default is tls.

SecureProfile

Note:

Exception: not supported on VSP 8600 Series.

Specifies the name of the secure profile.

SecureLogLevel

Note:

Exception: not supported on VSP 8600 Series.

Specifies the log severity level. Possible values are :

  • critical

  • error

  • warning

  • info

  • debug

SourceIpAddr

Specifies the IP address to use as the source address in RADIUS packets. To use this option, you must set the global RADIUS SourceIpFlag to true. RADIUS supports IPv4 and IPv6 addresses.