MES3000 Ethernet switch series
5.18.2 RADIUS protocol
The RADIUS protocol is used for authentication, authorization and accounting. The RADIUS server works
with a user database that contains authentication data for each user. The RADIUS protocol thus provides
additional security for access to network resources and to the switch itself.
Global configuration mode commands
The command line prompt in global configuration mode appears as follows:
console(config)#
Table 5.149 — Global configuration mode commands
radius-server host {ip_address | hostname} [authport auth_port] [acctport acct_port] [timeout timeout] [retransmit retries] [deadtime time] [key secret_key] [encrypted key encrypted_key] [source source_ip_address] [priority priority] [usage type]
hostname: (1..158) characters;
auth_port: (0..65535)/1812;
acct_port: (0..65535)/1813;
timeout: (1..30) seconds;
retries: (1..10);
time: (0..2000) minutes;
secret_key: (0..128) characters;
encrypted_key: (0..128) characters;
priority: (0..65535)/0;
type: (login, 802.1x, all)/all;
If the timeout, retries, time, secret_key or source_ip_address parameters are missing from the command, the current RADIUS server uses the values configured with the following commands (default values).
Add the selected server to the list of utilized RADIUS servers.
- ip_address—RADIUS server IPv4 or IPv6 address
- hostname—RADIUS server network name
- auth_port—port number for sending authentication data
- acct_port—port number for sending accounting data
- timeout—server response interval
- retries—number of attempts for RADIUS server discovery
- time—time in minutes during which unavailable servers are not polled by the switch RADIUS client
- secret_key—authentication and encryption key for RADIUS data exchange
- encrypted_key—authentication and encryption key for RADIUS data exchange
- source_ip_address—IPv4 or IPv6 address used as a source address in RADIUS protocol messages
- priority—RADIUS server utilization priority (the lower the value, the higher the server priority)
- type—RADIUS server utilization type

no radius-server host {ip_address | hostname}
Remove the selected server from the list of utilized RADIUS servers.

key: (0..128) characters/default key is an empty string
Define the default key for authentication and encryption of RADIUS data exchange between the device and RADIUS environment.
Restore the default value.

radius-server timeout timeout
timeout: (1..30)/3 seconds
Define the default server response interval.
Restore the default value.

radius-server retransmit retries
Define the default number of attempts to discover a RADIUS server from the server list. If the attempts fail, discovery moves to the server with the next priority in the list.

no radius-server retransmit
Restore the default value.

radius-server deadtime deadtime
deadtime: (0..2000)/0 minutes
Optimize the RADIUS server query time when some servers are unavailable. Set the default time, in minutes, during which unavailable servers are not polled by the switch RADIUS client.

no radius-server deadtime deadtime
Restore the default value.

radius-server source-ip ip_address
Define the specific IPv4 address used as the default source address in RADIUS protocol messages.

no radius-server source-ip [ip_address]
Remove the specific IPv4 address used as the default source address in RADIUS protocol messages.
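
Added example (not part of the manual or the switch software): a Python check that applies the ranges from Table 5.149 to radius-server host lines and flags servers that are left on the default key, which the table gives as an empty string. It assumes whitespace-separated tokens; MIN_KEY_LEN and the sample lines are constructed for illustration.

```python
# Ranges taken from the value column of Table 5.149 (bounds inclusive).
INT_RANGES = {"authport": (0, 65535), "acctport": (0, 65535),
              "timeout": (1, 30), "retransmit": (1, 10),
              "deadtime": (0, 2000), "priority": (0, 65535)}
USAGE_TYPES = {"login", "802.1x", "all"}
MIN_KEY_LEN = 16  # assumption: local policy floor, not a value from the manual

def lint_radius_host(line):
    """Return a list of findings for one 'radius-server host' line."""
    tokens = line.split()
    if tokens[:2] != ["radius-server", "host"] or len(tokens) < 3:
        return ["not a radius-server host command"]
    findings, opts, i = [], {}, 3
    while i < len(tokens):  # collect keyword/value pairs after the host
        name = tokens[i]
        if name == "encrypted" and tokens[i + 1:i + 2] == ["key"]:
            name, i = "encrypted key", i + 1
        if i + 1 >= len(tokens):
            findings.append(f"{name}: missing value")
            break
        opts[name] = tokens[i + 1]
        i += 2
    for name, value in opts.items():
        if name in INT_RANGES:
            lo, hi = INT_RANGES[name]
            if not value.isdecimal() or not lo <= int(value) <= hi:
                findings.append(f"{name} {value}: outside ({lo}..{hi})")
        elif name == "usage":
            if value not in USAGE_TYPES:
                findings.append(f"usage {value}: expected login, 802.1x or all")
        elif name not in ("key", "encrypted key", "source"):
            findings.append(f"{name}: unknown keyword")
    key = opts.get("key")
    if key is None and "encrypted key" not in opts:
        # Table 5.149: a host without a key uses the default key, and the
        # default key is an empty string until one is configured.
        findings.append("no per-host key: default key applies (empty if unset)")
    elif key is not None and len(key) > 128:
        findings.append("key longer than 128 characters")
    elif key is not None and len(key) < MIN_KEY_LEN:
        findings.append(f"key shorter than {MIN_KEY_LEN} characters")
    return findings

SAMPLE = [  # constructed lines using documentation addresses and names
    "radius-server host 192.0.2.10 key 7hQ2-example-Long-Secret priority 1 usage login",
    "radius-server host 192.0.2.11 timeout 45 priority 2",
    "radius-server host radius.example.net key abc usage dot1x",
]

if __name__ == "__main__":
    for cfg in SAMPLE:
        print(cfg, "->", lint_radius_host(cfg) or "ok")
```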