EasyManuals Logo

Cisco Catalyst 2950 User Manual

Cisco Catalyst 2950
674 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #169 background imageLoading...
Page #169 background image
8-27
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 8 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global
configuration command. To remove a server group from the configuration list, use the no aaa group
server radius group-name global configuration command. To remove the IP address of a RADIUS
server, use the no server ip-address server group configuration command.
In this example, the switch is configured to recognize two different RADIUS group servers (group1 and
group2). Group1 has two different host entries on the same RADIUS server configured for the same
services. The second host entry acts as a fail-over backup to the first entry.
Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646
Switch(config)# aaa new-model
Switch(config)# aaa group server radius group1
Switch(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
Switch(config-sg-radius)# exit
Switch(config)# aaa group server radius group2
Switch(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
Switch(config-sg-radius)# exit
Configuring RADIUS Authorization for User Privileged Access and Network Services
AAA authorization limits the services available to a user. When AAA authorization is enabled, the
switch uses information retrieved from the user’s profile, which is in the local user database or on the
security server, to configure the users session. The user is granted access to a requested service only if
the information in the user profile allows it.
You can use the aaa authorization global configuration command with the radius keyword to set
parameters that restrict a user’s network access to privileged EXEC mode.
The aaa authorization exec radius local command sets these authorization parameters:
Use RADIUS for privileged EXEC access authorization if authentication was performed by using
RADIUS.
Use the local database if authentication was not performed by using RADIUS.
Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has
been configured.
Step 8
copy running-config startup-config (Optional) Save your entries in the configuration file.
Step 9
Enable RADIUS login authentication. See the Configuring RADIUS
Login Authentication” section on page 8-23.
Command Purpose

Table of Contents

Other manuals for Cisco Catalyst 2950

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2950 and is the answer not in the manual?

Cisco Catalyst 2950 Specifications

General IconGeneral
Forwarding Bandwidth8.8 Gbps
Switching Capacity13.6 Gbps
Forwarding Rate6.6 Mpps
Weight3.6 kg
RAM16 MB
Flash Memory8 MB
Operating Humidity10% to 85% non-condensing
Uplink Ports2 x 10/100/1000Base-T
Dimensions4.4 cm x 44.5 cm x 24.2 cm
Remote Management ProtocolSNMP, Telnet, HTTP
FeaturesQuality of Service (QoS), VLAN support
Compliant StandardsIEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicatorssystem
Operating Temperature0 to 45°C
Ports24 x 10/100 Ethernet ports
MAC Address Table Size8, 192 entries
Power SupplyInternal 100-240V AC, 50-60Hz

Related product manuals