This section describes RADIUS user group configuration commands. The local RADIUS server allows the configuration of user groups with common user policies. User group names and associated users are stored in the local database. The user ID in the received access request is mapped to the associated wireless group for authentication. The configuration of groups allows enforcement of the following policies that control user access:
  • Assign a VLAN to the user upon successful authentication
  • Define start and end of time (HH:MM) when the user is allowed to authenticate
  • Define the SSID list to which a user, belonging to this group, is allowed to associate
  • Define the days of the week the user is allowed to login
  • Rate limit traffic (for non-management users)

RADIUS users are categorized into three groups: normal user, management user, and guest user. A RADIUS group not configured as management or guest is a normal user group. User access and role settings depends on the RADIUS group the user belongs.

Use the (config) instance to configure RADIUS group commands. This command creates a group within the existing RADIUS group. To navigate to the RADIUS group instance, use the following commands:

<DEVICE>(config)#radius-group <GROUP-NAME>
nx9500-6C8809(config)#radius-group test
Radius user group configuration commands:
  guest       Make this group a Guest group
  no          Negate a command or set its defaults
  policy      Radius group access policy configuration
  rate-limit  Set rate limit for group

  clrscr      Clears the display screen
  commit      Commit all changes made in this session
  do          Run commands from Exec mode
  end         End current mode and change to EXEC mode
  exit        End current mode and down to previous mode
  help        Description of the interactive help system
  revert      Revert changes
  service     Service Commands
  show        Show running system information
  write       Write running configuration to memory or terminal



The RADIUS group name cannot exceed 32 characters, and cannot be modified as part of the group edit process.
The following table summarizes RADIUS group configuration commands:
Click to expand in new window

RADIUS-Group Config Mode Commands

Command Description
guest Enables guest access for the newly created group
policy Configures RADIUS group access policy parameters
rate-limit Sets the default rate limit per user in Kbps, and applies it to all enabled WLANs
no Negates a command or reverts settings to their default


For more information on common commands (clrscr, commit, help, revert, service, show, write, and exit), see Common Commands.


The input parameter <HOSTNAME>, wherever used in syntaxes across this chapter, cannot include an underscore (_) character. In other words, the name of a device cannot contain an underscore.