Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS 11.3 Concepts Guide
323
Configuring the RADIUS Servers
To configure the RADIUS servers, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary] server [<ipaddress> |
<hostname>] {<udp_port>} client-ip [<ipaddress>] {vr <vr_name>}
To configure the primary RADIUS server, specify primary. To configure the secondary RADIUS server,
specify
secondary.
By default, switch management and network login use the same primary and secondary RADIUS
servers for authentication. To specify one pair of RADIUS servers for switch management and another
pair for network login, make sure to specify the
mgmt-access or netlogin keywords.
Configuring the RADIUS Timeout Value
To configure the timeout if a server fails to respond, use the following command:
configure radius {mgmt-access | netlogin} timeout <seconds>
If the timeout expires, another authentication attempt will be made. After three failed attempts to
authenticate, the alternate server will be used. After six failed attempts, local user authentication will be
used.
If you do not specify the
mgmt-access or netlogin keywords, the timeout interval applies to both
switch management and netlogin RADIUS servers.
Configuring the Shared Secret Password for RADIUS Servers
In addition to specifying the RADIUS server IP information, RADIUS also contains a means to verify
communication between network devices and the server. The shared secret is a password configured on
the network device and RADIUS server, used by each to verify communication.
To configure the shared secret for RADIUS servers, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary] shared-secret
{encrypted} <string>
To configure the primary RADIUS server, specify primary. To configure the secondary RADIUS server,
specify
secondary.
If you do not specify the
mgmt-access or netlogin keywords, the secret applies to both the primary or
secondary switch management and netlogin RADIUS servers.
Do not use the
encrypted keyword to set the shared secret. The encrypted keyword is primarily for
the output of the
show configuration command, so the shared secret is not revealed in the command
output.
Enabling and Disabling RADIUS
After server information is entered, you can start and stop RADIUS authentication as many times as
necessary without needing to reconfigure server information.
To Next Page
Loading...
Need help?
General
