Filter
Top Products
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
1. Configure Authentication for the Access Methods You
Want RADIUS To Protect
This section describes how to configure the switch for RADIUS authentication
through the following access methods:
■ Console: Either direct serial-port connection or modem connection.
■ Telnet: Inbound Telnet must be enabled (the default).
■ SSH: To employ RADIUS for SSH access, you must first configure the
switch for SSH operation. Refer to “Configuring Secure Shell (SSH)”
on page 6-1.
You can also use RADIUS for Port-Based Access authentication. Refer to
“Configuring Port-Based Access Control (802.1X)” on page 8-1.
You can configure RADIUS as the primary password authentication method
for the above access methods. You will also need to select either local or none
as a secondary, or backup, method. Note that for console access, if you
configure radius (or tacacs) for primary authentication, you must configure
local for the secondary method. This prevents the possibility of being com-
pletely locked out of the switch in the event that all primary access methods
fail.
Syntax: aaa authentication < console | telnet | ssh > < enable | login > < radius >
Configures RADIUS as the primary password authentication
method for console, Telnet, and/or SSH. (The default primary
< enable | login > authentication is local.)
[< local | none >]
Provides options for secondary authentication
(default: none). Note that for console access, secondary
authentication must be local if primary access is not
local. This prevents you from being completely locked
out of the switch in the event of a failure in other access
methods.
5-8