Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
Outline of the Steps for Configuring RADIUS Authentication
There are three main steps to configuring RADIUS authentication:
1. Configure RADIUS authentication for controlling access through one or more of the following:
• Serial port
• Telnet
• SSH
• Port-Access (802.1X)
2. Configure the switch for accessing one or more RADIUS servers (one primary server and up to
two backup servers):
Note
This step assumes you have already configured the RADIUS server(s) to support the switch.
(Refer to the documentation provided with the RADIUS server.)
• Server IP address
• (Optional) UDP destination port for authentication requests (default: 1812; recommended)
• (Optional) UDP destination port for accounting requests (default: 1813; recommended)
• (Optional) encryption key for use during authentication sessions with a RADIUS server.
This key overrides the global encryption key you can also configure on the switch, and
must match the encryption key used on the specified RADIUS server. (Default: null)
3. Configure the global RADIUS parameters.
• Server Key: This key must match the encryption key used on the RADIUS servers the
switch contacts for authentication and accounting services unless you configure one or
more per-server keys. (Default: null.)
• Timeout Period: The timeout period the switch waits for a RADIUS server to reply.
(Default: 5 seconds; range: 1 to 15 seconds.)
• Retransmit Attempts: The number of retries when there is no server response to a
RADIUS authentication request. (Default: 3; range of 1 to 5.)
• Server Dead-Time: The period during which the switch will not send new authentication
requests to a RADIUS server that has failed to respond to a previous request. This
avoids a wait for a request to time out on a server that is unavailable. If you want to use
this feature, select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled; range:
1 - 1440 minutes.) If your first-choice server was initially unavailable, but then becomes
available before the dead-time expires, you can nullify the dead-time by resetting it to
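
Added example (not part of the original manual and not HP code): a short Python check that audits a planned set of RADIUS settings against the defaults and ranges listed in steps 2 and 3, including the rule that a per-server key overrides the global key. The dictionary layout, field names, addresses and keys are assumptions constructed for this illustration.

```python
# Audit a RADIUS client configuration against the limits stated in this section.
# The dict layout and field names are hypothetical, chosen for this example.

DEFAULTS = {"key": None, "timeout": 5, "retransmit": 3, "dead_time": 0}
RANGES = {"timeout": (1, 15), "retransmit": (1, 5), "dead_time": (1, 1440)}


def effective_key(server, global_cfg):
    """A per-server key overrides the global server key; None means null."""
    return server.get("key") or global_cfg.get("key")


def audit(servers, global_cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = {**DEFAULTS, **global_cfg}
    findings = []
    if not 1 <= len(servers) <= 3:
        findings.append("expected one primary and up to two backup servers")
    for name, (lo, hi) in RANGES.items():
        value = cfg[name]
        if name == "dead_time" and value == 0:
            continue  # 0 is the default and means dead-time is disabled
        if not lo <= value <= hi:
            findings.append(f"{name}={value} outside {lo}-{hi}")
    for s in servers:
        if effective_key(s, cfg) is None:
            findings.append(f"{s['ip']}: no per-server or global key (null)")
        for field, default in (("auth_port", 1812), ("acct_port", 1813)):
            port = s.get(field, default)
            if port != default:
                findings.append(f"{s['ip']}: {field}={port}, not the recommended {default}")
    return findings


# Constructed sample input (documentation-range addresses, made-up keys).
SAMPLE_SERVERS = [
    {"ip": "192.0.2.10", "key": "example-key-A"},
    {"ip": "192.0.2.11"},                       # relies on the global key
    {"ip": "192.0.2.12", "auth_port": 1645},    # non-default port
]
SAMPLE_GLOBAL = {"timeout": 20, "dead_time": 0}  # no global key configured

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVERS, SAMPLE_GLOBAL):
        print(finding)
```

A server with neither a per-server key nor a global key is reported because the key must match the one configured on the RADIUS server, and the default on the switch is null.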