Owner's Manual
476 | Chapter 17. Security
NETGEAR 8800 User Manual
Specifying RADIUS Server Addresses
Before the RADIUS client software can communicate with a RADIUS server, you must
specify the server address in the client software. You can specify up to two RADIUS servers,
and you can use either an IP address or a host name to identify each server.
To configure the RADIUS servers in the client software, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary] server
[<ipaddress> | <hostname>] {<udp_port>} client-ip [<ipaddress>] {vr <vr_name>}
The default port value for authentication is 1812. The client IP address is the IP address used
by the RADIUS server for communicating back to the switch.
To configure the primary RADIUS server, specify primary. To configure the secondary
RADIUS server, specify secondary.
By default, switch management and network login use the same primary and secondary
RADIUS servers for authentication. To specify one pair of RADIUS servers for switch
management and another pair for network login, use the mgmt-access and netlogin
keywords.
Configuring the RADIUS Client Timeout Value
To configure the timeout if a server fails to respond, use the following command:
configure radius {mgmt-access | netlogin} timeout <seconds>
If the timeout expires, another authentication attempt is made. After three failed attempts to
authenticate, the alternate server is used. After six failed attempts, local user authentication
is used.
If you do not specify the mgmt-access or netlogin keyword, the timeout interval applies to
both switch management and netlogin RADIUS servers.
Configuring the Shared Secret Password for RADIUS Communications
The shared secret is a password that is configured on each network device (RADIUS client)
and RADIUS server. The shared secret is used to verify communication between network
devices and the server.
To configure the shared secret for client communications with RADIUS servers, use the
following command:
configure radius {mgmt-access | netlogin} [primary | secondary] shared-secret
{encrypted} <string>
To configure the shared secret for a primary RADIUS server, specify primary. To configure
the shared secret for a secondary RADIUS server, specify secondary.
If you do not specify the mgmt-access or netlogin keyword, the secret applies to both the
primary and secondary switch management and network login RADIUS servers.
Do not use the encrypted keyword to set the shared secret. The encrypted keyword prevents
the display of the shared secret in the show configuration command output.










