Configuring ssr access security, Configure radius, Monitor radius – Cabletron Systems SmartSwitch Router 9032578-02 User Manual

Chapter 10: Security Configuration Guide

162

SmartSwitch Router User Reference Manual

Configuring SSR Access Security

Configure RADIUS

You can secure login or Enable mode access to the SSR by enabling a Remote
Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR
RADIUS client to provide authentication.

You can configure up to five RADIUS server targets on the SSR. A timeout is set to tell the
SSR how long to wait for a response from RADIUS servers.

To configure RADIUS security, enter the following commands in Configure mode:

Monitor RADIUS

You can monitor RADIUS configuration and statistics within the SSR.

To monitor RADIUS, enter the following commands in Enable mode:

Configure TACACS

In addition, Enable mode access to the SSR can be made secure by enabling a Terminal
Access Controller Access Control System (TACACS) client. Without TACACS, TACACS
Plus, or RADIUS enabled, only local password authentication is performed on the SSR.
The TACACS client provides user name and password authentication for Enable mode. A
TACACS server responds to the SSR TACACS client to provide authentication.

You can configure up to five TACACS server targets on the SSR. A timeout is set to tell the
SSR how long to wait for a response from TACACS servers.

Specify a RADIUS server.

radius set host

<hostname or IP-addr>

Set the RADIUS time to wait for a
RADIUS server reply.

radius set timeout

<number>

Determine the SSR action if no
server responds.

radius set last-resort password|succeed

Enable RADIUS.

radius enable

Show

RADIUS server statistics.

radius show stats

Show all

RADIUS parameters.

radius show all