118
Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
1. Configure the Switch To Access a RADIUS Server
Before you configure the actual accounting parameters, you should first configure the switch to use
a RADIUS server. This is the same as the process described on page 109. You need to repeat this step
here only if you have not yet configured the switch to use a RADIUS server, your server data has
changed, or you need to specify a non-default UDP destination port for accounting requests. Note
that switch operation expects a RADIUS server to accommodate both authentication and accounting.
Syntax: [no] radius-server host < ip-address > Adds a server to the RADIUS configuration or
(with no) deletes a server from the configuration.
[acct-port < port-number >] Optional. Changes the UDP destination port
for accounting requests to the specified RADIUS
server. If you do not use this option, the switch
automatically assigns the default accounting
port number. (Default: 1813)
[key < key-string >] Optional. Specifies an encryption key for use
during accounting or authentication sessions
with the specified server. This key must match
the encryption key used on the RADIUS server.
Use this command only if the specified server
requires a different encryption key than
configured for the global encryption key.
(For a more complete description of the radius-server command and its options, turn to page 109.)
For example, suppose you want to the switch to use the RADIUS server described below for both
authentication and accounting purposes.
■ IP address: 10.33.18.151
■ A non-default UDP port number of 1750 for accounting.
For this example, assume that all other RADIUS authentication parameters for accessing this server
are acceptable at their default settings, and that RADIUS is already configured as an authentication
method for one or more types of access to the switch (Telnet, Console, etc.).