Users Guide
CONFIGURATION mode
aaa authentication login method-list-name radius
• Create a method list with RADIUS and TACACS+ as authorization methods.
CONFIGURATION mode
aaa authorization exec {method-list-name | default} radius tacacs+
Typical order of methods: RADIUS, TACACS+, Local, None.
If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified).
Applying the Method List to Terminal Lines
To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.
To configure a terminal line for RADIUS authentication and authorization, use the following commands.
• Enter LINE mode.
CONFIGURATION mode
line {aux 0 | console 0 | vty number [end-number]}
• Enable AAA login authentication for the specified RADIUS method list.
LINE mode
login authentication {method-list-name | default}
This procedure is mandatory if you are not using default lists.
• Use the method list for EXEC authorization.
CONFIGURATION mode
authorization exec methodlist
Specifying a RADIUS Server Host
When configuring a RADIUS server host, you can set different communication parameters, such as the UDP
port, the key password, the number of retries, and the timeout.
To specify a RADIUS server host and configure its communication parameters, use the following command.
• Enter the host name or IP address of the RADIUS server host.
CONFIGURATION mode
radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key]
Configure the optional communication parameters for the specific host:
• auth-port port-number: the range is from 0 to 65535. Enter a UDP port number. The default is 1812.
• retransmit retries: the range is from 0 to 100. Default is 3.
• timeout seconds: the range is from 0 to 1000. Default is 5 seconds.
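The following is an added example, not part of the guide: a small Python check that reads saved configuration text and reports radius-server host options outside the ranges listed above, host lines with no key, and an aaa authorization exec list that ends with radius. The function names, the sample configuration and the choice to report a missing key are assumptions made for this illustration.

```python
# Added example: limits and defaults copied from this section of the guide.
RANGES = {"auth-port": (0, 65535), "retransmit": (0, 100), "timeout": (0, 1000)}
DEFAULTS = {"auth-port": 1812, "retransmit": 3, "timeout": 5}

def parse_radius_host(tokens):
    """Return (params, problems) for the tokens after 'radius-server host'."""
    params, problems = dict(DEFAULTS, host=tokens[0], key=False), []
    rest, i = tokens[1:], 0
    while i < len(rest):
        opt = rest[i]
        if opt == "key":                  # key [encryption-type] key ends the line
            params["key"] = i + 1 < len(rest)
            break
        if opt not in RANGES or i + 1 >= len(rest) or not rest[i + 1].isdigit():
            problems.append(f"bad or incomplete option {opt!r}")
            i += 1
            continue
        value, (lo, hi) = int(rest[i + 1]), RANGES[opt]
        if not lo <= value <= hi:
            problems.append(f"{opt} {value} is outside {lo}-{hi}")
        params[opt] = value
        i += 2
    if not params["key"]:                 # reporting this is an assumed policy
        problems.append("no key on this host line")
    return params, problems

def audit(config_text):
    """Return [(line_number, problem)] for the commands this section covers."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        if tokens[:2] == ["radius-server", "host"] and len(tokens) > 2:
            findings += [(number, p) for p in parse_radius_host(tokens[2:])[1]]
        elif tokens[:3] == ["aaa", "authorization", "exec"] and tokens[-1] == "radius":
            findings.append((number, "radius is the last authorization method"))
    return findings

# Constructed sample configuration (not from the guide).
SAMPLE = """\
aaa authorization exec mgmt tacacs+ radius
radius-server host 192.0.2.10 auth-port 1812 timeout 5 key 0 example-secret
radius-server host 192.0.2.11 retransmit 250
"""

if __name__ == "__main__":
    for number, problem in audit(SAMPLE):
        print(f"line {number}: {problem}")
```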










