To Next Page

To Previous Page

set radius

20-6 Security Configuration

Defaults

Ifsecret‐valueisnotspecified,nonewillbeapplied.

Ifrealmisnotspecified,theanyaccessrealmwillbeused.

Mode

Switchcommand,read‐write.

Usage

TheSecureStackB3deviceallowsupto10RADIUSaccountingserverstobeconfigured,withup

totwoserversactiveatanygiventime.

TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP

address(es)hasbeenconfiguredwiththesamepassword

theRADIUSclientwilluse.

Examples

ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at

IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof

“pwsecret.”Aspreviouslynoted,the“serversecret”passwordenteredheremustmatchthat

alreadyconfiguredastheRead‐Write(rw)passwordonthe

RADIUSserver:

B3(su)->set radius server 1 192.168.6.203 1812 pwsecret

ThisexampleshowshowtosettheRADIUStimeoutto5seconds:

B3(su)->set radius timeout 5

ThisexampleshowshowtosetRADIUSretriesto10:

B3(su)->set radius retries 10

Thisexampleshowshowtoforceanymanagement‐accesstotheswitch(Telnet,web,SSH)to

authenticatethroughaRADIUSserver.Theallparameterattheendofthecommandmeansthat

anyofthedefinedRADIUSserverscanbeusedforthisAuthentication.

B3(rw)->set radius realm management-access all

realm

management‐

access|any|

network‐access

RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor

authentication.

• management‐access:Thismeansthatanyonetryingtoaccesstheswitch

(Telnet,SSH,LocalManagement)hastoauthenticatethroughthe

RADIUSserver.

• network‐access:Thismeansthat

alltheusershavetoauthenticatetoa

RADIUSserverbeforetheyareallowedaccesstothenetwork.

• any:Meansthatbothmanagement‐accessandnetwork‐accesshave

beenenabled.

Note: If the management-access or any access realm has been configured, the

local “admin” account is disabled for access to the switch using the console, Telnet,

or Local Management. Only the network-access realm allows access to the local

“admin” account.

index|all Appliestherealmsettingtoaspecificserverortoallservers.

Note: If RADIUS is configured with no host IP address on the device, it will use the loopback

interface 0 IP address (if it has been configured) as its source for the NAS-IP attribute. For

information about configuring loopback interfaces, refer to “interface” on page 17-2.

Brand	Enterasys
Model	SecureStack B3
Category	Switch
Language	English

Enterasys SecureStack B3 User Manual

Table of Contents

Questions and Answers:

Enterasys SecureStack B3 Specifications

Related product manuals