enable radius

enable radius {mgmt-access | netlogin}

Description

Enables the RADIUS client on the switch.

Syntax Description

mgmt-access Specifies the switch management RADIUS authentication server.
netlogin Specifies the network login RADIUS authentication server.

Default

RADIUS authentication is disabled for both switch management and network login by default.

Usage Guidelines

Before you enable RADIUS on the switch, you must configure the servers used for authentication and configure the authentication string (shared secret) used to communicate with the RADIUS authentication server.

To configure the RADIUS authentication servers, use the following command:

configure radius {mgmt-access | netlogin} [primary | secondary] server [ipaddress | hostname] {udp_port} client-ip [ipaddress] {vrvr_name}

To configure the shared secret, use the following command:

configure radius {mgmt-access | netlogin} [primary | secondary] shared-secret {encrypted} string

If you do not specify a keyword, RADIUS authentication is enabled on the switch for both management and network login. When enabled, all web, Telnet, and SSH logins are sent to the RADIUS servers for authentication. When used with a RADIUS server that supports ExtremeXOS CLI authorization, each CLI command is sent to the RADIUS server for authorization before it is executed.

Use the mgmt-access keyword to enable RADIUS authentication for switch management functions.

Use the netlogin keyword to enable RADIUS authentication for network login.

Example

The following command enables RADIUS authentication on the switch for both management and network login:

enable radius

The following command enables RADIUS authentication on the switch for network login:

enable radius netlogin

History

This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.