32. Remote Authentication Dial-In User Service (RADIUS)
MN700004 Rev 01
• ACCEPT: The user is authenticated.
• REJECT: The user is not authenticated and is prompted to reenter the username and password, or access is denied.
The ACCEPT or REJECT packets also contain a reply message and user timeouts (session timeout and idle timeout).
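The following is an added example, not taken from this manual or from the switch software. It goes beyond the text to the RFC 2865 wire format, where ACCEPT and REJECT are the Access-Accept and Access-Reject packets, and shows how a client verifies a reply against the shared key before trusting its reply message and timeouts. The function names, the sample key and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RFC 2865 packet codes
REPLY_MESSAGE, SESSION_TIMEOUT, IDLE_TIMEOUT = 18, 27, 28  # RFC 2865 attribute types


def build_reply(code, ident, request_auth, secret, attrs):
    """Build a constructed sample reply the way a RADIUS server would."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_reply(packet, request_auth, secret):
    """Verify the Response Authenticator, then decode the reply attributes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed ACCEPT/REJECT packet")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator: wrong key or altered reply")
    result = {"accepted": code == ACCESS_ACCEPT, "id": ident}
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("malformed attribute")
        atype, alen = body[pos], body[pos + 1]
        value = body[pos + 2:pos + alen]
        if atype == REPLY_MESSAGE:
            result["reply_message"] = value.decode("utf-8", "replace")
        elif atype in (SESSION_TIMEOUT, IDLE_TIMEOUT) and len(value) == 4:
            name = "session_timeout" if atype == SESSION_TIMEOUT else "idle_timeout"
            result[name] = struct.unpack("!I", value)[0]  # seconds
        pos += alen
    return result


# Constructed sample data (not captured from a real server).
REQUEST_AUTH = bytes(range(16))      # authenticator sent in the request
SECRET = b"constructed-shared-key"   # stands in for the shared password
SAMPLE = build_reply(ACCESS_ACCEPT, 7, REQUEST_AUTH, SECRET, [
    (REPLY_MESSAGE, b"Welcome"),
    (SESSION_TIMEOUT, struct.pack("!I", 3600)),
    (IDLE_TIMEOUT, struct.pack("!I", 300)),
])
```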
Description of Commands
Commands to Configure a RADIUS Server Host
To specify a RADIUS server host and a shared password:
• Use the radius-server host command to define the remote RADIUS server host and optionally assign an authentication port number.
• Use the radius-server key command to specify the password shared with the remote RADIUS server host.
To customize communication between the switch and the RADIUS server:
• Use the radius-server retransmit command to specify how many times the switch transmits each RADIUS request to the server before giving up.
• Use the radius-server timeout command to specify how many seconds a switch waits for a reply to a RADIUS request before retransmitting the request.
• Use the radius-server deadtime command to specify how many minutes a RADIUS server, which is not responding to authentication requests, is passed over by requests for RADIUS authentication.
radius-server host
The radius-server host command, in Global Configuration mode, defines the remote RADIUS server by specifying its IP address, and optionally assigns a UDP authentication port number. If the UDP authentication port number is not specified, the port number 1812 is assigned. The no form of this command deletes the specified host from the RADIUS database.
Command Syntax
device-name(config)# radius-server host A.B.C.D [<port-number>]
device-name(config)# no radius-server host A.B.C.D
Argument       Description
A.B.C.D        The IP address of the RADIUS server.
port-number    Port number of the RADIUS server, in the range <1024-65535>.