Configures the key sent to a RADIUS client.

A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.

The client and server share a secret (a password). That shared secret followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered to be incorrect, and the user is not authenticated.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


nas <IP/M> secret [0|2|<LINE>]
nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]


nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]


Sets the RADIUS client‘s IP address

  • <IP/M> – Sets the RADIUS client‘s IP address in the A.B.C.D/M format

secret [0 <LINE>|2 <LINE>| <LINE>]

Sets the RADIUS client‘s shared secret. Use one of the following options:

  • 0 <LINE> – Sets an UNENCRYPTED secret

  • 2 <LINE> – Sets an ENCRYPTED secret

  • <LINE> – Defines the secret (client shared secret) up to 64 characters


nx9500-6C8809(config-radius-server-policy-test)#nas secret 0 
nx9500-6C8809(config-radius-server-policy-test)#show context
radius-server-policy test
 authentication eap-auth-type tls
 nas secret 0 wirelesswell
 local realm realm1
 ldap-server primary host port 162 login "test" bind-dn "bind-dn1" base-dn "base-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2
 ldap-server dead-period 100

Related Commands

no Removes a RADIUS server‘s client on a RADIUS server policy