Specifying the RADIUS Server Addresses

Before the RADIUS (Remote Authentication Dial In User Service) client software can communicate with a RADIUS server, you must specify the server address in the client software. You can specify up to eight RADIUS servers, and you can use either an IP address or a host name to identify each server.

To configure the RADIUS servers in the client software, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary | index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}
Note

Note

It is recommended to enable loopback mode on the VLAN (Virtual LAN) associated with RADIUS if the radius connectivity is established via a front panel port on a summit stack.

The default port value for authentication is 1812. The client IP address is the IP address used by the RADIUS server for communicating back to the switch.

To configure the primary RADIUS server, specify primary. To configure the secondary RADIUS server, specify secondary.

By default, switch management and network login use the same primary and secondary RADIUS servers for authentication. To specify one pair of RADIUS servers for switch management and another pair for network login, use the mgmt-access and netlogin keywords.