Specifications
130 ExtremeWare XOS 10.1 Concepts Guide
Security
To disable RADIUS authentication, use the following command:
disable radius
Configuring RADIUS Accounting
Extreme switches are capable of sending RADIUS accounting information. As with RADIUS
authentication, you can specify two servers for receipt of accounting information.
To specify RADIUS accounting servers, use the following command:
configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>]
{<tcp_port>} client-ip [<ipaddress>] {vr <vr_name>}
To configure the timeout if a server fails to respond, use the following command:
configure radius-accounting timeout <seconds>
RADIUS accounting also makes use of the shared secret password mechanism to validate
communication between network access devices and RADIUS accounting servers.
To specify shared secret passwords for RADIUS accounting servers, use the following command:
configure radius-accounting [primary | secondary] shared-secret [<string>]
After you configure RADIUS accounting server information, you must enable accounting before the
switch begins transmitting the information. You must enable RADIUS authentication for accounting
information to be generated. You can enable and disable accounting without affecting the current state
of RADIUS authentication.
To enable RADIUS accounting, use the following command:
enable radius-accounting
To disable RADIUS accounting, use the following command:
disable radius-accounting
Configuring RADIUS
You can define primary and secondary server communication information, and for each RADIUS server,
the RADIUS port number to use when talking to the RADIUS server. The default port value is 1812for
authentication and 1813 for accounting. The client IP address is the IP address used by the RADIUS
server for communicating back to the switch.
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are as follows:
• User-Name
• User-Password
• Service-Type
• Login-IP-Host