Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

751

752

753

754

755

756

757

758

759

760

set radius

26-8 Authentication and Authorization Configuration

Parameters

Defaults

Ifsecret‐valueisnotspecified,nonewillbeapplied.

Ifrealmisnotspecified,theanyaccessrealmwillbeused.

Mode

Switchcommand,read‐write.

Usage

TheSecureStackC3deviceallowsupto10RADIUSserverstobeconfigured,withuptotwo

serversactiveatanygiventime.

TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP

address(es)hasbeenconfiguredwiththesamepasswordthe

RADIUSclientwilluse.

Examples

ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at

IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof

“pwsecret.”Aspreviouslynoted,the“serversecret”passwordenteredheremustmatchthat

alreadyconfiguredastheRead‐Write(rw)passwordonthe

RADIUSserver:

C3(su)->set radius server 1 192.168.6.203 1812 pwsecret

enable|disable EnablesordisablestheRADIUSclient.

retriesnumber‐of‐

retries

SpecifiesthenumberofretryattemptsbeforetheRADIUSservertimesout.

Validvaluesarefrom0to10.Defaultis3.

timeouttimeout Specifiesthemaximumamountofti me (inseconds)toestablishcontact

withtheRADIUSserver

beforeretryattemptsbegin.Validvaluesarefrom1

to30.Defaultis20seconds.

serverindex

ip_addressport

Specifiestheindexnumber,IPaddressandtheUDPauthenticationportfor

theRADIUSserver.

secret‐value (Optional)Specifiesanencryptionkeytobeusedforauthentication

betweentheRADIUSclientand

server.

realm

management‐

access|any|

network‐access

RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor

authentication.

• management‐access:Thismeansthatanyonetryingtoaccesstheswitch

(Telnet,SSH,LocalManagement)hastoauthenticatethroughthe

RADIUSserver.

• network‐access:Thismeans

thatalltheusershavetoauthenticatetoa

RADIUSserverbeforetheyareallowedaccesstothenetwork.

• any:Meansthatbothmanagement‐accessandnetwork‐accesshave

beenenabled.

Note: If the management-access or any access realm has been configured, the

local “admin” account is disabled for access to the switch using the console, Telnet,

or Local Management. Only the network-access realm allows access to the local

“admin” account.

index|all Appliestherealmsettingtoaspecificserverortoallservers.