52-10
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 52 Configuring Web-Based Authentication
Configuring Web-Based Authentication
When you configure the RADIUS server parameters, follow these steps:
• Specify the key string on a separate command line.
• For key string, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
• When you specify the key string, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
• You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers with the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands. For more information, see the URL:
http://www.cisco.com/en/US/products/ps6586/products_ios_technology_home.html
Note You need to configure some settings on the RADIUS server, including: the IP address of the switch, the
key string to be shared by both the server and the switch, and the downloadable ACL (DACL). (Cisco
IOS Release 12.2(50)SG supports DACLs.) For more information, see the RADIUS server
documentation.
This example shows how to configure the RADIUS server parameters on a switch:
Switch(config)# ip radius source-interface Vlan80
Switch(config)# radius-server host 172.l20.39.46 test username user1
Switch(config)# radius-server key rad123
Switch(config)# radius-server dead-criteria tries 2
Step 2
Switch(config)# radius-server host {hostname |
ip-address} test username username
Specifies the host name or IP address of the remote
RADIUS server.
The test username username
option enables automated
testing of the RADIUS server connection. The specified
username does not need to be a valid user name.
The key option specifies an authentication and encryption
key to be used between the switch and the RADIUS
server.
To use multiple RADIUS servers, reenter this command.
Switch(config)# no radius-server host {hostname |
ip-address}
Deletes the specified RADIUS server.
Step 3
Switch(config)# radius-server key string
Configures the authorization and encryption key used
between the switch and the RADIUS daemon running on
the RADIUS server.
Step 4
Switch(config)# radius-server vsa send
authentication
Enables downloading of an ACL from the RADIUS
server. This feature is supported in
Cisco IOS Release 12.2(50)SG.
Step 5
Switch(config)# radius-server dead-criteria tries
num-tries
Specifies the number of unanswered transmits to a
RADIUS server before considering the server to be
inactive. The range of num-tries is 1 to 100.
Command Purpose
To Next Page
Loading...
Need help?
General
