Filter
Top Products
RADIUS Client
41-5
41
Command Usage
• RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the
client to the server, while TACACS+ encrypts the entire body of the packet.
• RADIUS and TACACS+ logon authentication assigns a specific privilege level
for each user name and password pair. The user name, password, and
privilege level must be configured on the authentication server.
• You can specify three authentication methods in a single command to indicate
the authentication sequence. For example, if you enter “authentication
enable radius tacacs local,” the user name and password on the RADIUS
server is verified first. If the RADIUS server is not available, then
authentication is attempted on the TACACS+ server. If the TACACS+ server
is not available, the local user name and password is checked.
Example
Related Commands
enable password - sets the password for changing command modes (41-2)
RADIUS Client
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication
protocol that uses software running on a central server to control access to
RADIUS-aware devices on the network. An authentication server contains a
database of multiple user name/password pairs with associated privilege levels for
each user or group that require management access to a switch.
Console(config)#authentication enable radius
Console(config)#
Table 41-5 RADIUS Client Commands
Command Function Mode Page
radius-server host Specifies the RADIUS server GC 41-6
radius-server port Sets the RADIUS server network port GC 41-6
radius-server key Sets the RADIUS encryption key GC 41-7
radius-server retransmit Sets the number of retries GC 41-7
radius-server timeout Sets the interval between sending authentication requests GC 41-8
show radius-server Shows the current RADIUS settings PE 41-8