Concept Guide

ManualsBrandsDell ManualsComputer equipmentPowerEdge M IO Aggregator

191

192

193

194

195

196

197

198

199

200

Typical order of methods: RADIUS, TACACS+, Local, None.

If RADIUS denies authorization, the session ends (RADIUS must not be the last method specied).

Applying the Method List to Terminal Lines

To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.

To congure a terminal line for RADIUS authentication and authorization, use the following commands.

• Enter LINE mode.

CONFIGURATION mode

line {aux 0 | console 0 | vty number [end-number]}

• Enable AAA login authentication for the specied RADIUS method list.

LINE mode

This procedure is mandatory if you are not using default lists.

• To use the method list.

CONFIGURATION mode

authorization exec methodlist

Specifying a RADIUS Server Host

When conguring a RADIUS server host, you can set dierent communication parameters, such as the UDP port, the key password, the

number of retries, and the timeout.

To specify a RADIUS server host and congure its communication parameters, use the following command.

• Enter the host name or IP address of the RADIUS server host.

CONFIGURATION mode

radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries]

[timeout seconds] [key [encryption-type] key]

Congure the optional communication parameters for the specic host:

– auth-port port-number: the range is from 0 to 65535. Enter a UDP port number. The default is 1812.

– retransmit retries: the range is from 0 to 100. Default is 3.

– timeout seconds: the range is from 0 to 1000. Default is 5 seconds.

– key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42

characters long. This key must match the key congured on the RADIUS server host.

If you do not congure these optional parameters, the global default values for all RADIUS host are applied.

To specify multiple RADIUS server hosts, congure the radius-server host command multiple times. If you congure multiple

RADIUS server hosts, Dell EMC Networking OS attempts to connect with them in the order in which they were congured. When Dell

EMC Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS

server host responds with an accept or reject response.

If you want to change an optional parameter setting for a specic host, use the radius-server host command. To change the global

communication settings to all RADIUS server hosts, refer to Setting Global Communication Parameters for all RADIUS Server Hosts.

To view the RADIUS conguration, use the show running-config radius command in EXEC Privilege mode.

To delete a RADIUS server host, use the no radius-server host {hostname | ip-address} command.

Security

197