User's Manual

9.4.4 Specifying RADIUS Authorization
AAA authorization lets you set parameters that restrict a user's access to the network. Authorization using
RADIUS provides one method for remote access control, including one-time authorization or authorization for
each service, per-user account list and profile, user group support, and support of IP, IPX, ARA, and Telnet.
Because RADIUS authorization is facilitated through AAA, you must issue the aaa authorization command,
specifying RADIUS as the authorization method. For more information, refer to the chapter "Configuring
Authorization."
9.4.5 Specifying RADIUS Accounting
The AAA accounting feature enables you to track the services users are accessing as well as the amount of
network resources they are consuming. Because RADIUS accounting is facilitated through AAA, you must
issue the aaa accounting command, specifying RADIUS as the accounting method. For more information, refer
to the chapter "Configuring Accounting."
9.5 RADIUS Configuration Examples
9.5.1 RADIUS Authentication Example
The following example shows how to configure the switch to authenticate and authorize using RADIUS:
aaa authentication login use-radius group radius local
The lines in this sample RADIUS authentication and authorization configuration are defined as follows:
aaa authentication login use-radius group radius local configures the switch to use RADIUS for authentication at
the login prompt. If RADIUS returns an error, the user is authenticated using the local database. In this example,
use-radius is the name of the method list, which specifies RADIUS and then local authentication.
9.5.2 RADIUS Application in AAA
The following example shows a general configuration using RADIUS with the AAA command set:
radius-server host 1.2.3.4
radius-server key myRaDiUSpassWoRd
username root password AlongPassword
aaa authentication login admins group radius local
line vty 1 16
login authentication admins
The meaning of each command line is shown below:
radius-server host is used to define the IP address of the RADIUS server.
radius-server key is used to define the shared key between network access server and RADIUS server.
aaa authentication login admins group radius local command defines the authentication method list "admins,"
which specifies that RADIUS authentication and then (if the RADIUS server does not respond) local
authentication will be used on serial lines using PPP.
login authentication admins applies the admins method list during login.
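
The following Python script is an added example, not part of this manual or of any vendor tool. It checks a saved configuration in the syntax of section 9.5.2 for the dependencies between these commands: every method list applied to a line must be defined, a list that uses RADIUS needs a server host and key, and a local fallback needs at least one username entry. The function name audit, the extra "line vty 17" stanza, and the "operators" list name are assumptions constructed for illustration.

```python
import re

# Constructed sample: the section 9.5.2 configuration plus one added stanza
# (vty 17) that references a method list which is never defined.
SAMPLE = """\
radius-server host 1.2.3.4
radius-server key myRaDiUSpassWoRd
username root password AlongPassword
aaa authentication login admins group radius local
line vty 1 16
 login authentication admins
line vty 17
 login authentication operators
"""

def audit(config):
    """Return a list of findings for the AAA/RADIUS login configuration."""
    lists, applied, line_ctx = {}, [], None
    has_host = has_key = local_users = False
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            # Drop the "group" keyword so methods read ["radius", "local"].
            lists[m.group(1)] = [w for w in m.group(2).split() if w != "group"]
        elif text.startswith("radius-server host "):
            has_host = True
        elif text.startswith("radius-server key "):
            has_key = True
        elif text.startswith("username "):
            local_users = True
        elif text.startswith("line "):
            line_ctx = text  # remember which line stanza we are inside
        elif m := re.match(r"login authentication (\S+)", text):
            applied.append((line_ctx, m.group(1)))
    findings = []
    for ctx, name in applied:
        if name not in lists:
            findings.append(f"{ctx}: method list '{name}' is not defined")
    for name, methods in lists.items():
        if "radius" in methods and not (has_host and has_key):
            findings.append(f"{name}: uses radius but server host/key missing")
        if "radius" in methods and "local" not in methods:
            findings.append(f"{name}: no local fallback if RADIUS is unreachable")
        if "local" in methods and not local_users:
            findings.append(f"{name}: local fallback has no username entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```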