Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsSoftwareExtremeWare Command
121122123124125126127128129130
Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS 10.1 Concepts Guide 129
Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS provides two methods to authenticate users who login to the switch:
RADIUS
TACACS+
RADIUS
Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare XOS RADIUS implementation
allows authentication for Telnet or console access to the switch.
NOTE
You cannot configure RADIUS and TACACS+ at the same time.
You can define a primary and secondary RADIUS server for the switch to contact. When a user
attempts to login using Telnet, http, or the console, the request is relayed to the primary RADIUS server,
and then to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is
enabled, but access to the RADIUS primary and secondary server fails, the switch uses its local database
for authentication.
The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence
over the configuration in the local switch database.
To configure the RADIUS servers, use the following command:
configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>}
client-ip [<ipaddress>] {vr <vr_name>}
To configure the timeout if a server fails to respond, use the following command:
configure radius timeout <seconds>
Configuring the Shared Secret Password
In addition to specifying the RADIUS server IP information, RADIUS also contains a means to verify
communication between network devices and the server. The shared secret is a password configured on
the network device and RADIUS server, used by each to verify communication.
To configure the shared secret for RADIUS servers, use the following command:
configure radius [primary | secondary] shared-secret [<string>]
Enabling and Disabling RADIUS
After server information is entered, you can start and stop RADIUS authentication as many times as
necessary without needing to reconfigure server information.
To enable RADIUS authentication, use the following command:
enable radius