11-12
Catalyst 2975 Switch Software Configuration Guide
OL-19720-02
Chapter 11 Configuring Web-Based Authentication
Configuring Web-Based Authentication
The combination of the IP address and UDP port number creates a unique identifier, that enables
RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. If two different
host entries on the same RADIUS server are configured for the same service (for example,
authentication) the second host entry that is configured functions as the failover backup to the first one.
The RADIUS host entries are chosen in the order that they were configured.
To configure the RADIUS server parameters, perform this task:
When you configure the RADIUS server parameters:
•
Specify the
key
string
on a separate command line.
•
For
key
string
, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
•
When you specify the
key
string
, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
•
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using with the
radius-server host
global configuration command. If you want to
configure these options on a per-server basis, use the
radius-server timeout
,
radius-server
retransmit
, and the
radius-server key
global configuration commands. For more information, see
the
Cisco IOS Security Configuration Guide, Release 12.2
and the
Cisco IOS Security Command Reference, Release 12.2
:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
Command
Purpose
Step 1
ip radius source-interface
interface_name
Specify that the RADIUS packets have the IP address of
the indicated interface.
Step 2
radius-server host
{
hostname
|
ip-address
}
test
username
username
Specify the host name or IP address of the remote
RADIUS server.
The
test username
username
option enables automated
testing of the RADIUS server connection. The specified
username
does not need to be a valid user name.
The
key
option specifies an authentication and encryption
key to use between the switch and the RADIUS server.
To use multiple RADIUS servers, reenter this command
for each server.
Step 3
radius-server key
string
Configure the authorization and encryption key used
between the switch and the RADIUS daemon running on
the RADIUS server.
Step 4
radius-server vsa send authentication
Enable downloading of an ACL from the RADIUS server.
This feature is supported in
Cisco IOS Release 12.2(50)SG.
Step 5
radius-server dead-criteria tries
num-tries
Specify the number of unanswered sent messages to a
RADIUS server before considering the server to be
inactive. The range of
num-tries
is 1 to 100.