How RADIUS authentication works, Configuring RADIUS on the switch (AOS CLI example) – NEC INTELLIGENT L2 SWITCH N8406-022A User Manual


Accessing the switch 15


How RADIUS authentication works

RADIUS authentication works as follows:

1. A remote administrator connects to the switch and provides the user name and password.

2. Using Authentication/Authorization protocol, the switch sends the request to the authentication server.

3. The authentication server checks the request against the user ID database.

4. Using RADIUS protocol, the authentication server instructs the switch to grant or deny administrative access.

Configuring RADIUS on the switch (AOS CLI example)

To configure RADIUS on the switch, do the following:

1. Turn RADIUS authentication on, and then configure the Primary and Secondary RADIUS servers. For example:

>> Main# /cfg/sys/radius (Select the RADIUS Server menu)

>> RADIUS Server# on (Turn RADIUS on)

Current status: OFF

New status: ON

>> RADIUS Server# prisrv 10.10.1.1 (Enter primary server IP)

Current primary RADIUS server: 0.0.0.0

New pending primary RADIUS server: 10.10.1.1

>> RADIUS Server# secsrv 10.10.1.2 (Enter secondary server IP)

Current secondary RADIUS server: 0.0.0.0

New pending secondary RADIUS server: 10.10.1.2

2. Configure the primary RADIUS secret and secondary RADIUS secret.

>> RADIUS Server# secret

Enter new RADIUS secret: <1-32 character secret>

>> RADIUS Server# secret2

Enter new RADIUS second secret: <1-32 character secret>

CAUTION: If you configure the RADIUS secret using any method other than a direct console connection, the
secret may be transmitted over the network as clear text.

3. If desired, you may change the default User Datagram Protocol (UDP) port number used to listen to RADIUS.

4. The well-known port for RADIUS is 1645.

>> RADIUS Server# port

Current RADIUS port: 1645

Enter new RADIUS port [1500-3000]: <port number>

5. Configure the number of retry attempts for contacting the RADIUS server and the timeout period.

>> RADIUS Server# retries

Current RADIUS server retries: 3

Enter new RADIUS server retries [1-3]:<server retries>

>> RADIUS Server# time

Current RADIUS server timeout: 3

Enter new RADIUS server timeout [1-10]: 10 (Enter the timeout period in seconds)

6. Apply and save the configuration.

>> RADIUS Server# apply

>> RADIUS Server# save
