Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module
721722723724725726727728729730
seconds: the range is from 0 to 2147483647. The default is 0 seconds.
Congure a key for all RADIUS communications between the system and RADIUS server hosts.
CONFIGURATION mode
radius-server key [encryption-type] key
encryption-type: enter 7 to encrypt the password. Enter 0 to keep the password as plain text.
key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.
Congure the number of times Dell EMC Networking OS retransmits RADIUS requests.
CONFIGURATION mode
radius-server retransmit retries
retries: the range is from 0 to 100. Default is 3 retries.
Congure the time interval the system waits for a RADIUS server host response.
CONFIGURATION mode
radius-server timeout seconds
seconds: the range is from 0 to 1000. Default is 5 seconds.
To view the conguration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode.
Monitoring RADIUS
To view information on RADIUS transactions, use the following command.
View RADIUS transactions to troubleshoot problems.
EXEC Privilege mode
debug radius
Support for Change of Authorization and Disconnect
Messages packets
The Network Access Server (NAS) uses RADIUS to authenticate AAA or dot1x user-access to the switch. The RADIUS service does not
support unsolicited messages sent from the RADIUS server to the NAS.
However, there are many instances in which it is desirable for changes to be made to session characteristics, without requiring the NAS to
initiate the exchange. For example, it may be desirable for administrators to be able to terminate user sessions in progress.
Alternatively, if the user changes authorization level, this change may require that authorization attributes be added or deleted from the
user sessions.
To overcome these limitations, Dell EMC Networking OS provides RADIUS extension commands in order to enable unsolicited messages to
be sent to the NAS. These extension commands provide support for Disconnect Messages (DMs) and Change-of-Authorization (CoA)
packets. DMs cause user sessions to be terminated immediately; whereas, CoA packets modify session authorization attributes such as
VLAN IDs, user privileges, and so on.
724
Security