Radius operation, Configuring radius – Dell POWEREDGE M1000E User Manual

8-19

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 8 Configuring Switch-Based Authentication

Controlling Switch Access with RADIUS

Figure 8-2

Transitioning from RADIUS to TACACS+ Services

RADIUS Operation

When a user attempts to log in and authenticate to a switch that is access controlled by a RADIUS server,
these events occur:

1.

The user is prompted to enter a username and password.

2.

The username and encrypted password are sent over the network to the RADIUS server.

3.

The user receives one of these responses from the RADIUS server:

a.

ACCEPT—The user is authenticated.

b.

REJECT—The user is either not authenticated and is prompted to re-enter the username and
password, or access is denied.

c.

CHALLENGE—A challenge requires additional data from the user.

d.

CHALLENGE PASSWORD—A response requests the user to select a new password.

The ACCEPT or REJECT response is bundled with additional data that is used for privileged EXEC or
network authorization. Users must first successfully complete RADIUS authentication before
proceeding to RADIUS authorization, if it is enabled. The additional data included with the ACCEPT or
REJECT packets includes these items:

•

Telnet, SSH, rlogin, or privileged EXEC services

•

Connection parameters, including the host or client IP address, access list, and user timeouts

Configuring RADIUS

This section describes how to configure your switch to support RADIUS. At a minimum, you must
identify the host or hosts that run the RADIUS server software and define the method lists for RADIUS
authentication. You can optionally define method lists for RADIUS authorization and accounting.

86891

RADIUS
server

RADIUS
server

TACACS+
server

TACACS+
server

R1

R2

T1

T2

Remote

PC

Workstation