10-12
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 10 Configuring Web-Based Authentication
Configuring Web-Based Authentication
To configure the RADIUS server parameters, perform this task:
When you configure the RADIUS server parameters:
•
Specify the
key
string
on a separate command line.
•
For
key
string
, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
•
When you specify the
key
string
, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
•
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using with the
radius-server host
global configuration command. If you want to
configure these options on a per-server basis, use the
radius-server timeout
,
radius-server
retransmit
, and the
radius-server key
global configuration commands. For more information, see
the
Cisco IOS Security Configuration Guide, Release 12.2
and the
Cisco IOS Security Command Reference, Release 12.2
at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
Note
You need to configure some settings on the RADIUS server, including: the switch IP address, the key
string to be shared by both the server and the switch, and the downloadable ACL (DACL). For more
information, see the RADIUS server documentation.
Command
Purpose
Step 1
ip radius source-interface
interface_name
Specify that the RADIUS packets have the IP address of
the indicated interface.
Step 2
radius-server host
{
hostname
|
ip-address
}
test
username
username
Specify the host name or IP address of the remote
RADIUS server.
The
test username
username
option enables automated
testing of the RADIUS server connection. The specified
username
does not need to be a valid user name.
The
key
option specifies an authentication and encryption
key to use between the switch and the RADIUS server.
To use multiple RADIUS servers, reenter this command
for each server.
Step 3
radius-server key
string
Configure the authorization and encryption key used
between the switch and the RADIUS daemon running on
the RADIUS server.
Step 4
radius-server vsa send authentication
Enable downloading of an ACL from the RADIUS server.
This feature is supported in
Cisco IOS Release 12.2(50)SG.
Step 5
radius-server dead-criteria tries
num-tries
Specify the number of unanswered sent messages to a
RADIUS server before considering the server to be
inactive. The range of
num-tries
is 1 to 100.