RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
ure local for the secondary method. This prevents the possibility of being
completely locked out of the switch in the event that all primary access
methods fail.
In certain situations, RADIUS servers can become isolated from the network.
Users are not able to access the network resources configured with RADIUS
access protection and are rejected. To address this situation, configuring the
authorized secondary authentication method allows users unconditional
access to the network when the primary authentication method fails because
the RADIUS servers are unreachable.
Caution Configuring authorized as the secondary authentication method used when
there is a failure accessing the RADIUS servers allows clients to access the
network unconditionally. Use this method with care.
Syntax: aaa authentication < console | telnet | ssh | web | < enable | login <local
| radius>> web-based | mac-based <chap-radius | peap-radius>>
Configures RADIUS as the primary password authentication
method for console, Telnet, SSH, and/or the web browser interface.
(The default primary < enable | login > authentication is local.)
<console | telnet | ssh | web>
[< local | none | authorized >]
Provides options for secondary authentication
(default: none). Note that for console access, secondary
authentication must be local if primary access is not
local. This prevents you from being locked out of the
switch in the event of a failure in other access methods.
<<web-based | mac-based > login> <chap-radius | peap-mschap v2>:
Password authentication for web-based or mac-based port
access to the switch. Use peap-mschapv2 when you want pass-
word verification without requiring access to a plain text
password; it is more secure.
Default: chap-radius
[none | authorized]: Provides options for secondary
authentication. The none option specifies that a backup
authentication method is not used. The authorized
option allows access without authentication. (default: