User's Manual

ManualsBrandsPLANET Technology ManualsLAN SwitchesLayer 3 48-Port 10G SFP+ + 2-Port 40G QSFP+ + 4-Port 100G QSFP28 Managed Switch

111

112

113

114

115

116

117

118

119

120

112

responses.

To configure RADIUS to use the AAA security commands, you must specify the host running the RADIUS

server daemon and a secret text (key) string that it shares with the router.

To configure per-server RADIUS server communication, use the following command in global configuration

mode:

command purpose

radius-server host

ip-address [

auth-port

port-number][

acct-port

portnumber]

Specifies the IP address or host name of the remote

RADIUS server host and assign authentication and

accounting destination port numbers.

radius-server key

string Specifies the shared secret text string used between

the router and a RADIUS server.

To configure global communication settings between the router and a RADIUS server, use the following radius-

server commands in global configuration mode:：

command purpose

radius-server retransmit

retries

Specifies how many times the switch transmits each

RADIUS request to the server before giving up (the

default is 2).

radius-server timeout

seconds

Specifies for how many seconds a switch waits for a

reply to a RADIUS request before retransmitting the

request.

radius-server deadtime

minutes

Specifies for how many minutes a RADIUS server

that is not responding to authentication requests is

passed over by requests for RADIUS authentication.

9.4.2 Configuring Switch to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-

specific information between the network access server and the RADIUS server by using the vendor-specific

attribute (attribute 26).

Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for

general use.

For more information about vendor-IDs and VSAs, refer to RFC 2138, Remote Authentication Dial-In User

Service (RADIUS). To configure the network access server to recognize and use VSAs, use the following

command in global configuration mode:

command purpose

radius-server vsa send

[authentication] Enables the network access server to

recognize and use VSAs as defined by

RADIUS IETF attribute 26.

9.4.3 Specifying RADIUS Authentication

After you have identified the RADIUS server and defined the RADIUS authentication key, you must define

method lists for RADIUS authentication. Because RADIUS authentication is facilitated through AAA, you must

enter the aaa authentication command, specifying RADIUS as the authentication method. For more information,

refer to the chapter "Configuring Authentication."