Security
ExtremeWare XOS 11.3 Concepts Guide
324
To enable RADIUS authentication, use the following command:
enable radius {mgmt-access | netlogin}
If you do not specify the mgmt-access or netlogin keywords, RADIUS authentication is enabled on the
switch for both management and network login.
To disable RADIUS authentication, use the following command:
disable radius {mgmt-access | netlogin}
If you do not specify the mgmt-access or netlogin keywords, RADIUS authentication is disabled on
the switch for both management and network login.
Configuring RADIUS Accounting
Extreme Networks switches are capable of sending RADIUS accounting information. As with RADIUS
authentication, you can specify two servers for receipt of accounting information.
To specify RADIUS accounting servers, use the following command:
configure radius-accounting {mgmt-access | netlogin} [primary | secondary] server
[<ipaddress> | <hostname>] {<tcp_port>} client-ip [<ipaddress>] {vr <vr_name>}
To configure the primary RADIUS accounting server, specify primary. To configure the secondary
RADIUS accounting server, specify
secondary.
By default, switch management and network login use the same primary and secondary RADIUS
servers for accounting. To specify one pair of RADIUS accounting servers for switch management and
another pair for network login, make sure to specify the
mgmt-access or netlogin keywords.
Configuring the RADIUS Accounting Timeout Value
To configure the timeout if a server fails to respond, use the following command:
configure radius-accounting {mgmt-access | netlogin} timeout <seconds>
If the timeout expires, another authentication attempt will be made. After three failed attempts to
authenticate, the alternate server will be used.
Configuring the Shared Secret Password for RADIUS Accounting Servers
RADIUS accounting also uses the shared secret password mechanism to validate communication
between network access devices and RADIUS accounting servers.
To specify shared secret passwords for RADIUS accounting servers, use the following command:
configure radius-accounting {mgmt-access | netlogin} [primary | secondary] shared-
secret {encrypted} <string>
To configure the primary RADIUS accounting server, specify primary. To configure the secondary
RADIUS accounting server, specify
secondary.
If you do not specify the
mgmt-access or netlogin keywords, the secret applies to both the primary or
secondary switch management and netlogin RADIUS accounting servers.
To Next Page
Loading...