nas

Configures the key sent to a RADIUS client.

A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.

The client and server share a secret (a password). That shared secret followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered to be incorrect, and the user is not authenticated.

Supported on the following devices:

Syntax

nas <IP/M> secret [0|2|<LINE>]
nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]

Parameters

nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]

<IP/M>

Sets the RADIUS client‘s IP address

  • <IP/M> – Sets the RADIUS client‘s IP address in the A.B.C.D/M format

secret [0 <LINE>|2 <LINE>| <LINE>]

Sets the RADIUS client‘s shared secret. Use one of the following options:

  • 0 <LINE> – Sets an UNENCRYPTED secret

  • 2 <LINE> – Sets an ENCRYPTED secret

  • <LINE> – Defines the secret (client shared secret) up to 64 characters

Examples

nx9500-6C8809(config-radius-server-policy-test)#nas 172.16.10.10/24 secret 0 
nx9500-6C8809(config-radius-server-policy-test)#show context
radius-server-policy test
 authentication eap-auth-type tls
 crl-check
 nas 172.16.10.10/24 secret 0 wirelesswell
 local realm realm1
 ldap-server primary host 172.16.10.19 port 162 login "test" bind-dn "bind-dn1" base-dn "base-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2
 ldap-server dead-period 100
nx9500-6C8809(config-radius-server-policy-test)#

Related Commands

no Removes a RADIUS server‘s client on a RADIUS server policy