Administrator Guide
Authentication, Authorization, and Accounting 313
3
Configure a local RADIUS client connection to RADIUS server
10.11.12.13 using the shared secret “secret sauce”. The default port
number is used.
console(config-radius-da)#client 10.11.12.13 server-key
“secret sauce”
4
Disconnect-request client identification must match on all keys.
console(config-radius-da)#auth-type all
console(config-radius-da)#exit
RADIUS COA Example with Telnet and SSH
The following example configures telnet and SSH clients in conjunction with
RADIUS CoA.
1
Configure a login list named “login-list” that uses RADIUS as the only
method:
console#config
console(config)#aaa authentication login “login-list” radius
2
Enable RADIUS COA:
console(config)#aaa server radius dynamic-author
3
Enable the switch RADIUS client connecting to the RADIUS server at
10.130.191.89:
console(config-radius-da)#client 10.130.191.89 server-key
“shared secret”
4
Allow matching of the client session on any of the key values:
console(config-radius-da)#auth-type any
console(config-radius-da)#exit
5
Configure the RADIUS server attribute 4 (NAS-IP-Address). This
attribute is sent in the RADIUS message to the RADIUS server but does
not change the source IP address sent in the RADIUS messages. It allows a
group of NASs to simulate a large RADIUS NAS:
console(config)#radius server attribute 4 10.130.65.4
6
Configure the remote RADIUS server address with name Default-
RADIUS-Server and key “shared secret”:
console(config)#radius server auth 10.130.191.89
console(config-auth-radius)#name Default-RADIUS-Server
console(config-auth-radius)#key “shared secret”
console(config-auth-radius)#exit