Security
Configuring RADIUS
373 Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
20
Configuring RADIUS
Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized
802.1X or MAC-based network access control. The device is a RADIUS client that
can use a RADIUS server to provide centralized security.
An organization can establish a Remote Authorization Dial-In User Service
(RADIUS) server to provide centralized 802.1X or MAC-based network access
control for all of its devices. In this way, authentication and authorization can be
handled on a single server for all devices in the organization.
The device can act as a RADIUS client that uses the RADIUS server for the
following services:
• Authentication—Provides authentication of regular and 802.1X users
logging onto the device by using usernames and user-defined passwords.
• Authorization—Performed at login. After the authentication session is
completed, an authorization session starts using the authenticated
username. The TACACS+ server then checks user privileges.
• Accounting—Enable accounting of login sessions using the RADIUS server.
This enables a system administrator to generate accounting reports from
the RADIUS server.
Accounting Using a RADIUS Server
The user can enable accounting of login sessions using either a RADIUS or
TACAC S+ ser ver.
The user-configurable, TCP port used for RADIUS server accounting is the same
TCP port that is used for RADIUS server authentication and authorization.
Defaults
The following defaults are relevant to this feature:
• No default RADIUS server is defined by default.
• If you configure a RADIUS server, the accounting feature is disabled by
default.
To Next Page
Loading...
