radius-server-policy

Creates an onboard device RADIUS server policy. A RADIUS server policy is a unique authentication and authorization configuration that receives user connection requests, authenticates users, and returns configuration information necessary for the RADIUS client to deliver service to the user. The client is the entity with authentication information requiring validation. The local RADIUS server has access to a database of authentication information used to validate the client's authentication request.

The local RADIUS server uses authentication schemes like PAP, CHAP, or EAP to verify and confirm information provided by a user. The user's proof of identification is verified, along with, optionally, other information. A local RADIUS server policy can also be configured to refer to an external (Lightweight Directory Access Protocol) (LDAP) resource to verify a user's credentials.

Use the (config) instance to configure RADIUS-Server-Policy related parameters. To navigate to the RADIUS-Server-Policy instance, use the following commands:

<DEVICE>(config)#radius-server-policy <POLICY-NAME>
nx9500-6C8809(config)#radius-server-policy test
nx9500-6C8809(config-radius-server-policy-test)#?
Radius Configuration commands:
  authentication           Radius authentication
  bypass                   Bypass Certificate Revocation List( CRL ) check
  chase-referral           Enable chasing referrals from LDAP server
  crl-check                Enable Certificate Revocation List( CRL ) check
  ldap-agent               LDAP Agent configuration parameters
  ldap-group-verification  Enable LDAP Group Verification setting
  ldap-server              LDAP server parameters
  local                    RADIUS local realm
  nas                      RADIUS client
  no                       Negate a command or set its defaults
  proxy                    RADIUS proxy server
  session-resumption       Enable session resumption/fast reauthentication by
                           using cached attributes
  termination              Enable Eap termination for proxy requests
  use                      Set setting to use

  clrscr                   Clears the display screen
  commit                   Commit all changes made in this session
  do                       Run commands from Exec mode
  end                      End current mode and change to EXEC mode
  exit                     End current mode and down to previous mode
  help                     Description of the interactive help system
  revert                   Revert changes
  service                  Service Commands
  show                     Show running system information
  write                    Write running configuration to memory or terminal

nx9500-6C8809(config-radius-server-policy-test)#
The following table summarizes RADIUS server policy configuration commands:
Table 1. RADIUS-Server-Policy Config Mode Commands
Commands Description
authentication Configures RADIUS authentication settings
bypass Enables bypassing of CRL check
chase-referral Enables LDAP server referral chasing
crl-check Enables a CRL (certificate revocation list ) check
ldap-agent Configures the LDAP agent settings
ldap-group-verification Enables LDAP group verification
ldap-server Configures the LDAP server settings
local Configures a local RADIUS realm
nas Configures the key sent to a RADIUS client
proxy Configures the RADIUS proxy server‘s settings
session-resumption Enables session resumption
termination Enables EAP termination on this current RADIUS server policy. When enabled, EAP authentication is terminated at the controller level.
use Defines settings used with the RADIUS server policy
no Removes or resets the RADIUS server policy‘s settings