Foundry Switch and Router Installation and Configuration Guide
3 - 38 December 2000
Syntax: radius-server host <ip-addr> | <server-name> [auth-port <number> acct-port <number>]
The host <ip-addr> | <server-name> parameter is either an IP address or an ASCII text string.
The <auth-port> parameter is the Authentication port number; it is an optional parameter. The default is 1645.
The <acct-port> parameter is the Accounting port number; it is an optional parameter. The default is 1646.
Setting RADIUS Parameters
You can set the following parameters in a RADIUS configuration:
• RADIUS key – This parameter specifies the value that the Foundry device sends to the RADIUS server when
trying to authenticate user access.
• Retransmit interval – This parameter specifies how many times the Foundry device will resend an
authentication request when the RADIUS server does not respond. The retransmit value can be from 1 – 5
times. The default is 3 times.
• Timeout – This parameter specifies how many seconds the Foundry device waits for a response from a
RADIUS server before either retrying the authentication request, or determining that the RADIUS servers are
unavailable and moving on to the next authentication method in the authentication-method list. The timeout
can be from 1 – 15 seconds. The default is 3 seconds.
Setting the RADIUS Key
The key parameter in the radius-server command is used to encrypt RADIUS packets before they are sent over
the network. The value for the key parameter on the Foundry device should match the one configured on the
RADIUS server. The key can be from 1 – 32 characters in length.
To specify a RADIUS server key:
BigIron(config)# radius-server key mirabeau
Syntax: radius-server key <key-string>
Setting the Retransmission Limit
The retransmit parameter specifies the maximum number of retransmission attempts. When an authentication
request times out, the Foundry software will retransmit the request up to the maximum number of retransmissions
configured. The default retransmit value is 3 retries. The range of retransmit values is from 1 – 5.
To set the RADIUS retransmit limit:
BigIron(config)# radius-server retransmit 5
Syntax: radius-server retransmit <number>
Setting the Timeout Parameter
The timeout parameter specifies how many seconds the Foundry device waits for a response from the RADIUS
server before either retrying the authentication request, or determining that the RADIUS server is unavailable and
moving on to the next authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.
BigIron(config)# radius-server timeout 5
Syntax: radius-server timeout <number>
Configuring Authentication-Method Lists for RADIUS
You can use RADIUS to authenticate Telnet/SSH access and access to Privileged EXEC level and CONFIG levels
of the CLI. When configuring RADIUS authentication, you create authentication-method lists specifically for these
access methods, specifying RADIUS as the primary authentication method.
Within the authentication-method list, RADIUS is specified as the primary authentication method and up to six
backup authentication methods are specified as alternates. If RADIUS authentication fails due to an error, the
device tries the backup authentication methods in the order they appear in the list.
To Next Page
Loading...
Need help?
General
