Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

721

722

723

724

725

726

727

728

729

730

aaa authentication login default radius local

2. Specify the protocol for authentication.

CONFIGURATION mode

aaa radius auth-method mschapv2

3. Establish a host address and password.

CONFIGURATION mode

radius-server host H key K

4. Log in to switch using console or telnet or ssh with a valid user role.

When 1-factor authentication is used, the authentication succeeds enabling you to access the switch. When two-factor

authentication is used, the system prompts you to enter a one-time password as a second step of authentication. If a valid one-

time password is supplied, the authentication succeeds enabling you to access the switch.

Configure RADIUS attributes 8, 87 and 168

Dell EMC Networking OS supports RADIUS attribute provisioning to indicate RADIUS server with IP address to be assigned to a

supplicant and port to which the supplicant is connected. A supplicant is a device attempting to access the network.

Attribute 8

The RADIUS attribute 8 (Framed-IP-Address) indicates the RADIUS server with the IPv4 address that needs to be assigned to a

supplicant connected to the switch. The switch or network access server (NAS) sends the IPv4 address of the connected

supplicant as attribute 8 in the RADIUS Access-Accept requests to the server. The NAS discovers the IPv4 address of the

supplicant through Dynamic Host Configuration Protocol (DHCP). The RADIUS server processes the attributes in the access

requests and responds to the NAS based on the requests.

Enable IPv4 and IPv6 DHCP snooping in the switch to discover a host IPv4 or IPv6 address using the attribute in the RADIUS

access requests.

To include RADIUS attribute 8 in access requests, use the following command:

● DellEMC(conf)# radius-server attribute 8 include-in-access-req

Use no form on the command to remove the attribute 8 configuration.

Attribute 87

The attribute 87 indicates the RADIUS server with the NAS port to which the supplicant is connected. The NAS sends the

attribute 87 to the RADIUS server through the RADIUS access requests. By default, the access requests include the attribute

87.

Attributes 168

RADIUS attribute 168 (Framed-IPv6-Address) indicates the RADIUS server with the IPv6 address to be assigned to the

supplicant. The NAS discovers the IPv6 address of the supplicant and sends the IPv6 address as attribute 168 to the RADIUS

server in the access requests.

To include RADIUS attribute 168 in access requests, use the following command:

● DellEMC(conf)# radius-server attribute 168 include-in-access-req

Use no form on the command to remove the attribute 168 configuration.

Verify RADIUS attribute configuration

Verify the attribute configuration using the show running-config command.

DellEMC# show running-config

radius-server host 10.16.206.77 key 7 387a7f2df5969da4

726

Security