set radius
17-6 Security Configuration
Defaults
Ifsecret‐valueisnotspecified,nonewillbeapplied.
Ifrealmisnotspecified,theanyaccessrealmwillbeused.
Mode
Switchcommand,read‐write.
Usage
TheD‐Seriesdeviceallowsupto10RADIUSaccountingserverstobeconfigured,withuptotwo
serversactiveatanygiventime.
TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP
address(es)hasbeenconfiguredwiththesamepassword
theRADIUSclientwilluse.
Examples
ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at
IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof
“pwsecret.”Aspreviouslynoted,the“serversecret”passwordenteredheremustmatchthat
alreadyconfiguredastheRead‐Write(rw)passwordonthe
RADIUSserver:
D2(su)->set radius server 1 192.168.6.203 1812 pwsecret
ThisexampleshowshowtosettheRADIUStimeoutto5seconds:
D2(su)->set radius timeout 5
ThisexampleshowshowtosetRADIUSretriesto10:
D2(su)->set radius retries 10
realm
management‐
access|any|
network‐access
RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor
authentication.
• management‐access:Thismeansthatanyonetryingtoaccesstheswitch
(Telnet,SSH,LocalManagement)hastoauthenticatethroughthe
RADIUSserver.
• network‐access:Thismeansthat
alltheusershavetoauthenticatetoa
RADIUSserverbeforetheyareallowedaccesstothenetwork.
• any:Meansthatbothmanagement‐accessandnetwork‐accesshave
beenenabled.
Note: If the management-access or any access realm has been configured, the
local “admin” account is disabled for access to the switch using the console, Telnet,
or Local Management. Only the network-access realm allows access to the local
“admin” account.
index|all Appliestherealmsettingtoaspecificserverortoallservers.
Note: If RADIUS is configured with no host IP address on the device, it will use the loopback
interface 0 IP address (if it has been configured) as its source for the NAS-IP attribute. For
information about configuring loopback interfaces, refer to “interface” on page 16-3.
To Next Page
Loading...
