Remote Authentication Dial-in User Service (RADIUS) is a system that uses a central server running RADIUS software to control access to RADIUS-aware devices on the network. A RADIUS server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that requires management access to a switch using the console port, Telnet or Web.
When setting up privilege levels on the RADIUS server, command access to the switch can be set at level 1 for Normal Exec mode or level 15 for Privileged Exec mode.
NOTE: The local switch user database has to be set up by manually entering user names and passwords using the CLI.
Use this command to define the login authentication method and precedence. Use the no form to restore the default.
Syntax
authentication login {radius | local | radius local | local radius}
no authentication login
- radius - Use RADIUS server password only.
- local - Use local password only.
- radius local - Use RADIUS server password first and local password next.
- local radius - Use local password first and RADIUS server password next.
Default Setting
None
Command Mode
Global Configuration
Example
(config)#authentication login radius
(config)#
Related Commands
username for setting the local password
Use this command to specify the RADIUS server. Use the no form to restore the default.
Syntax
radius-server host host_ip_address
no radius-server host
host_ip_address - IP address of server.
Default Setting
10.1.0.1
Command Mode
Global Configuration
Example
(config)#radius-server host 192.168.1.25
(config)#
Use this command to set the RADIUS server network port. Use the no form to restore the default.
Syntax
radius-server port port_number
no radius-server port
port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)
Default Setting
1812
Command Mode
Global Configuration
Example
(config)#radius-server port 181
(config)#
Use this command to set the RADIUS encryption key. Use the no form to restore the default.
Syntax
radius-server key key_string
no radius-server key
key_string - Encryption key used to authenticate logon access for client. (Maximum length: 20 characters)
Default Setting
None
Command Mode
Global Configuration
Command Usage
Do not use blank spaces in the string.
Example
(config)#radius-server key solvent
(config)#
Use this command to set the number of retries. Use the no form to restore the default.
Syntax
radius-server retransmit number_of_retries
no radius-server retransmit
number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30)
Default Setting
2
Command Mode
Global Configuration
Example
(config)#radius-server retransmit 5
(config)#
Use this command to set the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default.
Syntax
radius-server timeout number_of_seconds
no radius-server timeout
number_of_seconds - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535)
Default Setting
5 seconds
Command Mode
Global Configuration
Example
(config)#radius-server timeout 10
(config)#
Use this command to display current settings for the RADIUS server.
Default Setting
None
Command Mode
Privileged Exec
Example
#show radius-server
Remote radius server configuration:
Server IP address: 10.1.0.1
Communication key with radius server:
Server port number: 1812
Retransmit times: 2
Request timeout: 5
#
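The following is an added example, not part of the original reference or the switch vendor's software: a small Python linter that checks a saved configuration session against the ranges, key rules and login methods documented above before it is applied. The function name lint_radius_config and the sample session are hypothetical, and the session text is constructed for illustration.

```python
import ipaddress
import re

# Added example, not vendor code. Limits are copied from the reference above.
LOGIN_METHODS = {"radius", "local", "radius local", "local radius"}
INT_RANGES = {"port": (1, 65535), "retransmit": (1, 30), "timeout": (1, 65535)}

def lint_radius_config(text):
    """Return (line_no, message) findings; line_no 0 means whole-config."""
    findings, uses_radius, key_set = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"^\(config\)#", "", raw.strip()).strip()  # drop prompt
        if line.startswith("authentication login"):
            method = " ".join(line.split()[2:])
            if method not in LOGIN_METHODS:
                findings.append((no, f"unknown login method '{method}'"))
            uses_radius = "radius" in method.split()
            if method == "radius":
                findings.append((no, "radius only: no local password fallback"))
        elif line.startswith("radius-server "):
            _, param, *args = line.split()
            value = args[0] if args else ""
            if param == "host":
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    findings.append((no, f"invalid server address '{value}'"))
            elif param == "key":
                key_set = True
                if len(args) != 1:
                    findings.append((no, "key must be one string, no spaces"))
                elif len(value) > 20:
                    findings.append((no, "key exceeds 20 characters"))
            elif param in INT_RANGES:
                lo, hi = INT_RANGES[param]
                if not value.isdecimal() or not lo <= int(value) <= hi:
                    findings.append((no, f"{param} outside {lo}-{hi}"))
                elif param == "port" and int(value) != 1812:
                    findings.append((no, f"port {value} is not default 1812"))
    if uses_radius and not key_set:
        findings.append((0, "RADIUS login enabled but no radius-server key"))
    return findings

# Constructed sample session for illustration.
SAMPLE = """(config)#authentication login radius local
(config)#radius-server host 192.168.1.25
(config)#radius-server port 181
(config)#radius-server key solvent and water
(config)#radius-server retransmit 31"""
print(lint_radius_config(SAMPLE))
```

Lines beginning with "no" (the reset forms) are ignored by this check, so a key that is set and later removed still counts as set.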