User's Manual
9.1.2 RADIUS Operation
When a user attempts to log in and authenticate to an access server using RADIUS, the following steps occur:
(12) The user is prompted for and enters a username and password.
(13) The username and encrypted password are sent over the network to the RADIUS server.
(14) The user receives one of the following responses from the RADIUS server:
    ACCEPT—The user is authenticated.
    REJECT—The user is not authenticated and is prompted to reenter the username and password, or access is denied.
    CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data from the user.
The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or
network authorization. You must first complete RADIUS authentication before using RADIUS
authorization. The additional data included with the ACCEPT or REJECT packets consists
of the following:
    Services that the user can access, including Telnet or rlogin.
    Connection parameters, including the host or client IP address, access list, and user timeouts.
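The following is an added example, not taken from this manual, of what the exchange in steps (13) and (14) looks like on the wire, assuming the device follows the standard RFC 2865 scheme: the password is masked with MD5 of the shared secret and the request authenticator, and a reply is trusted only if its response authenticator verifies. All function names are hypothetical.

```python
# Added illustration: function names are hypothetical; scheme assumed per RFC 2865.
import hashlib
import hmac
import struct

RESPONSES = {2: "ACCEPT", 3: "REJECT", 11: "CHALLENGE"}  # RFC 2865 packet codes

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(-(-len(password) // 16) * 16 or 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the masking; a wrong secret yields garbage, not an error."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret, req_auth) -> bytes:
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, len(user) + 2]) + user          # User-Name (type 1)
    attrs += bytes([2, len(hidden) + 2]) + hidden     # User-Password (type 2)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_response(code, ident, req_auth, secret, attrs=b"") -> bytes:
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def check_response(packet, ident, req_auth, secret) -> str:
    """Client side: reject replies that are malformed or not signed with the secret."""
    if (len(packet) < 20 or packet[0] not in RESPONSES or packet[1] != ident
            or int.from_bytes(packet[2:4], "big") != len(packet)):
        raise ValueError("unexpected RADIUS reply")
    good = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(good, packet[4:20]):
        raise ValueError("bad response authenticator (wrong shared secret or tampering)")
    return RESPONSES[packet[0]]
```

In real use `req_auth` is 16 fresh random bytes per request. Because both the password mask and the reply check depend only on MD5 and the shared secret, a short or guessable secret weakens both.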
9.2 RADIUS Configuration Steps
To configure RADIUS on your SWITCH or access server, you must perform the following tasks:
Use the aaa authentication global configuration command to define method lists for RADIUS
authentication. For more information about using the aaa authentication command, refer to
the "Configuring Authentication" chapter.
Use line and interface commands to enable the defined method lists to be used. For more
information, refer to the "Configuring Authentication" chapter.
The following configuration tasks are optional:
If necessary, run aaa authorization in global configuration mode to authorize the user’s
service request. For more information about using the aaa authorization command, refer to
the "Configuring Authorization" chapter.
If necessary, run aaa accounting in global configuration mode to record the whole service
procedure. For more information about running aaa accounting, see Record Configuration.
9.3 RADIUS Configuration Task List
Configuring SWITCH to RADIUS Server Communication
Configuring SWITCH to Use Vendor-Specific RADIUS Attributes
Specifying RADIUS Authentication
Specifying RADIUS Authorization
Specifying RADIUS Accounting
9.4 RADIUS Configuration Task
9.4.1 Configuring Switch to RADIUS Server Communication
The RADIUS host is normally a multiuser system running RADIUS server software from Livingston, Merit,
Microsoft, or another software provider.
A RADIUS server and a Cisco router use a shared secret text string to encrypt passwords and exchange