Name: Cisco Catalyst 2950
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

8-27

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

78-11380-12

Chapter 8 Configuring Switch-Based Authentication

Controlling Switch Access with RADIUS

To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global

configuration command. To remove a server group from the configuration list, use the no aaa group

server radius group-name global configuration command. To remove the IP address of a RADIUS

server, use the no server ip-address server group configuration command.

In this example, the switch is configured to recognize two different RADIUS group servers (group1 and

group2). Group1 has two different host entries on the same RADIUS server configured for the same

services. The second host entry acts as a fail-over backup to the first entry.

Switch(config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001

Switch(config)# radius-server host 172.10.0.1 auth-port 1645 acct-port 1646

Switch(config)# aaa new-model

Switch(config)# aaa group server radius group1

Switch(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001

Switch(config-sg-radius)# exit

Switch(config)# aaa group server radius group2

Switch(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001

Switch(config-sg-radius)# exit

Configuring RADIUS Authorization for User Privileged Access and Network Services

AAA authorization limits the services available to a user. When AAA authorization is enabled, the

switch uses information retrieved from the user’s profile, which is in the local user database or on the

security server, to configure the user’s session. The user is granted access to a requested service only if

the information in the user profile allows it.

You can use the aaa authorization global configuration command with the radius keyword to set

parameters that restrict a user’s network access to privileged EXEC mode.

The aaa authorization exec radius local command sets these authorization parameters:

• Use RADIUS for privileged EXEC access authorization if authentication was performed by using

RADIUS.

• Use the local database if authentication was not performed by using RADIUS.

Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has

been configured.

Step 8

copy running-config startup-config (Optional) Save your entries in the configuration file.

Step 9

Enable RADIUS login authentication. See the “Configuring RADIUS

Command Purpose

Other manuals for Cisco Catalyst 2950

Getting Started Guide28 pages

Command Reference686 pages

Datasheet19 pages

Hardware Installation Guide232 pages

Software Guide376 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2950 and is the answer not in the manual?

Cisco Catalyst 2950 Specifications

General

Forwarding Bandwidth	8.8 Gbps
Switching Capacity	13.6 Gbps
Forwarding Rate	6.6 Mpps
Weight	3.6 kg
RAM	16 MB
Flash Memory	8 MB
Operating Humidity	10% to 85% non-condensing
Uplink Ports	2 x 10/100/1000Base-T
Dimensions	4.4 cm x 44.5 cm x 24.2 cm
Remote Management Protocol	SNMP, Telnet, HTTP
Features	Quality of Service (QoS), VLAN support
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicators	system
Operating Temperature	0 to 45°C
Ports	24 x 10/100 Ethernet ports
MAC Address Table Size	8, 192 entries
Power Supply	Internal 100-240V AC, 50-60Hz