5-10
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
2. Configure the Switch To Access a RADIUS Server
This section describes how to configure the switch to interact with a RADIUS
server for both authentication and accounting services.
Note If you want to configure RADIUS accounting on the switch, go to page 5-17:
“Configuring RADIUS Accounting” instead of continuing here.
Syntax: [no] radius-server host < ip-address >
Adds a server to the RADIUS configuration or (with no)
deletes a server from the configuration. You can configure
up to three RADIUS server addresses. The switch uses the
first server it successfully accesses. (Refer to “Changing
the RADIUS Server Access Order” on page 5-29.)
[auth-port < port-number >]
Optional. Changes the UDP destination port for authenti-
cation requests to the specified RADIUS server (host). If
you do not use this option with the radius-server host
command, the switch automatically assigns the default
authentication port number. The auth-port number must
match its server counterpart. (Default: 1812)
[acct-port < port-number >]
Optional. Changes the UDP destination port for account-
ing requests to the specified RADIUS server. If you do not
use this option with the radius-server host command, the
switch automatically assigns the default accounting port
number. The acct-port number must match its server coun-
terpart.(Default: 1813)
[key < key-string >]
Optional. Specifies an encryption key for use during
authentication (or accounting) sessions with the specified
server. This key must match the encryption key used on
the RADIUS server. Use this command only if the specified
server requires a different encryption key than configured
for the global encryption key.
no radius-server host < ip-address > key
Use the no form of the command to remove the key for a
specified server.