Adding a RADIUS server

You can configure up to five RADIUS servers on a device.

Prior to configuring a RADIUS server by specifying a domain or host name, you must configure the Domain Name System (DNS) server on the device by using the ip dns command. The host name cannot be resolved unless the DNS server is configured.

Note

When a list of servers is configured on the device, failover from one server to another server only happens when a RADIUS server fails to respond; it does not happen when user authentication fails.

Perform the following task to add a RADIUS server to a device.

  1. From privileged EXEC mode, enter global configuration mode.
    device# configure terminal
    
    Entering configuration mode terminal
    
  2. When the default configuration values for communication with the RADIUS server are not acceptable, use the radius-server host command with the use-vrf parameter to enter RADIUS server host VRF configuration mode.
    device(config)# radius-server host 10.38.37.180 use-vrf mgmt-vrf 
    device(config-host-10.38.37.180/mgmt-vrf)#
    
  3. The following examples show how to configure some parameters for communication with the RADIUS server using the mgmt-vrf.
    • (Optional) Configure the authentication protocol to use for communication with the RADIUS server.
      device(config-host-10.38.37.180/mgmt-vrf)# protocol pap 
    • (Optional) Specify a text string to be used as a shared secret between the device and the RADIUS server.
      device(config-host-10.38.37.180/mgmt-vrf)# key "new#vertigo*secret"
    • (Optional) Specify the wait time (in seconds) allowed for a RADIUS server response.
      device(config-host-10.38.37.180/mgmt-vrf)# timeout 10
    • (Optional) Specify a source interface for RADIUS packets that originate on the device. The following example shows how to configure an Ethernet interface (0/2) as the source interface.
      device(config-host-10.38.37.180/mgmt-vrf)# source-interface ethernet 0/2
  4. Return to privileged EXEC mode.
    device(config-host-10.38.37.180/mgmt-vrf)# end
  5. Verify the configuration. The key is shown in its stored form at encryption-level 7, not as the text entered in step 3.
    device# show running-config radius-server host 10.38.37.180 
    
    radius-server host 10.38.37.180 use-vrf mgmt-vrf
     protocol pap 
     key "ayykN/07wCMEy0SKrpZXPm0hzI37Ze9qNugdSQXhoo0=\n"
     encryption-level 7 
     timeout 10 
     source-interface ethernet 0/2
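
The following added example (not part of the original documentation) checks saved show running-config output against the constraints stated on this page: the five-server limit, the DNS requirement for servers configured by name, and the key being stored at encryption-level 7. The function names, the sample text, the match on lines starting with "ip dns" and the reading of encryption-level 7 as the protected form are assumptions.

```python
import ipaddress
import re

MAX_SERVERS = 5  # limit stated on this page
HOST_RE = re.compile(r"^radius-server host (\S+)(?: use-vrf (\S+))?\s*$")
# Constructed sample in the layout of the show running-config output above.
SAMPLE = """\
radius-server host 10.38.37.180 use-vrf mgmt-vrf
 protocol pap
 key "<constructed-ciphertext>"
 encryption-level 7
radius-server host radius1.example.net use-vrf mgmt-vrf
 key "<constructed-value>"
 encryption-level 0
"""

def parse_servers(config):  # one dict per "radius-server host" block
    servers, current = [], None
    for line in config.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"host": m.group(1), "vrf": m.group(2)}
            servers.append(current)
        elif current is not None and line.startswith(" ") and line.strip():
            name, _, value = line.strip().partition(" ")
            current[name] = value.strip()  # indented line: a setting of the host
        else:
            current = None  # an unindented or blank line ends the block
    return servers

def is_hostname(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return True  # not an IP literal, so the device must resolve it
    return False

def audit(config):
    servers = parse_servers(config)
    # Assumption: DNS settings show up as lines starting with "ip dns".
    has_dns = any(l.startswith("ip dns ") for l in config.splitlines())
    findings = []
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured; limit is {MAX_SERVERS}")
    for s in servers:
        if is_hostname(s["host"]) and not has_dns:
            findings.append(f"{s['host']}: set by name but no 'ip dns' line")
        if s.get("encryption-level") not in (None, "7"):  # assumption: 7 = protected
            findings.append(f"{s['host']}: key not at encryption-level 7")
    return findings
```

Pass audit() the full running configuration rather than only the RADIUS section, so that the DNS check can see the "ip dns" lines.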