Configures the key sent to a RADIUS client.
A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.
The client and server share a secret (a password). That shared secret followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered to be incorrect, and the user is not authenticated.
nas <IP/M> secret [0|2|<LINE>]
nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]
nas <IP/M> secret [0 <LINE>|2 <LINE>|<LINE>]
|
<IP/M> |
Sets the RADIUS client‘s IP address
|
|
secret [0 <LINE>|2 <LINE>| <LINE>] |
Sets the RADIUS client‘s shared secret. Use one of the following options:
|
nx9500-6C8809(config-radius-server-policy-test)#nas 172.16.10.10/24 secret 0
nx9500-6C8809(config-radius-server-policy-test)#show context radius-server-policy test authentication eap-auth-type tls crl-check nas 172.16.10.10/24 secret 0 wirelesswell local realm realm1 ldap-server primary host 172.16.10.19 port 162 login "test" bind-dn "bind-dn1" base-dn "base-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2 ldap-server dead-period 100 nx9500-6C8809(config-radius-server-policy-test)#
| no | Removes a RADIUS server‘s client on a RADIUS server policy |