Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

521

522

523

524

525

526

527

528

529

530

servers one at a time, until a RADIUS server responds with an accept or reject response. The switch tries to connect with a server for the

congured number of retransmit retries and timeout period.

Congure global settings for the timeout and retransmit attempts allowed on RADIUS servers by using the radius-server

retransmit and radius-server timeout commands. By default, OS10 supports three RADIUS authentication attempts and times

out after ve seconds.

• Congure the number of times OS10 retransmits a RADIUS authentication request in CONFIGURATION mode (0 to 100 retries; default

3).

radius-server retransmit retries

• Congure the timeout period used to wait for an authentication response from a RADIUS server in CONFIGURATION mode (0 to 1000

seconds; default 5).

radius-server timeout seconds

Congure RADIUS server

OS10(config)# radius-server host 1.2.4.5

OS10(config)# radius-server retransmit 10

OS10(config)# radius-server timeout 10

View RADIUS server conguration

OS10# show running-configuration

...

radius-server host 1.2.4.5 key 9

3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b

radius-server retransmit 10

radius-server timeout 10

...

Delete RADIUS server

OS10# no radius server host 1.2.4.5

TACACS+ authentication

Congure a TACACS+ authentication server by entering the server's IP address or host name. You must also enter a text string for the key

used to authenticate the OS10 switch on a TACACS+ host. The TCP port entry is optional.

TACACS+ provides greater data security by encrypting the entire protocol portion in a packet sent from the switch to an authentication

server. RADIUS encrypts only passwords.

• Congure a TACACS+ authentication server in CONFIGURATION mode. By default, a TACACS+ server uses TCP port 49 for

authentication.

tacacs-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key

| authentication-key} [auth-port port-number]

Re-enter the tacacs-server host command multiple times to congure more than one TACACS+ server. If you congure multiple

TACACS+ servers, OS10 attempts to connect in the order you congured them. An OS10 switch connects with the congured TACACS+

servers one at a time, until a TACACS+ server responds with an accept or reject response.

Congure the global timeout used on all TACACS+ servers by using the tacacs-server timeout command. By default, OS10 times

out an authentication attempt on a TACACS+ server after ve seconds.

• Enter the timeout value used to wait for an authentication response from TACACS+ servers in CONFIGURATION mode (1 to 1000

seconds; default 5).

tacacs-server timeout seconds

System management

521