32.
Remote Authentication Dial-In User Service (RADIUS)
MN700004 Rev 01
356
device-name
(config)#
radius-server host 10.2.42.137
device-name
(config)#
radius-server key 123456
•
Add local user with username of localUser and password MyPass:
device-name
(config)#
username localuser password mypass
NOTE
Local authentication database is used for authentication if the configured RADIUS Server is
not responding.
•
Begin authentication option using the command:
device-name
(config)#
aaa authentication login default radius local
•
Add retransmit, timeout and deadtime parameters as follows:
device-name
(config)#
radius-server retransmit 3
device-name
(config)#
radius-server timeout 10
device-name
(config)#
radius-server deadtime 3
Save the configuration and restart the switch
The results of the above configuration will be as shown in the examples below:
If you try to access the switch using Username “jamessmith”, the result will be REJECT:
username: jamessmith
password: your payment balance is outstanding - access denied
username:
If you try to access the switch using Username "johnwilliams" Password “h5yr9b”, the result
will be ACCEPT
username: user
password: user is in
device-name
#
If you try to access the switch using Username: “localUser” Password “MyPass, the result
will be an Authentication Failure from the RADIUS Server.
If the RADIUS Server is shut down or disconnected from the switch and you try to access the
switch with Username: “localUser” Password: “MyPass”, the result will be ACCEPT. After
the last three queries, the switch will log in successfully using the local authentication
database.