12 radius-server authentication host, Radius, Server authentication host – PLANET XGS3-24040 User Manual

47-5

<port-number> parameter is used to specify accounting port number, which must be the same as the

specified accounting port in the RADIUS server; the default port number is 1813. If this port number is set

to 0, accounting port number will be generated at random and can result in invalid configuration. This

command can be used repeatedly to configure multiple RADIUS servers communicating with the switch,

the switch will send accounting packets to all the configured accounting servers, and all the accounting

servers can be backup servers for each other. If primary is specified, then the specified RADIUS server

will be the primary server.

Example: Sets the RADIUS accounting server of IP address to 2004:1:2:3::2, as the primary server, with

the accounting port number as 3000.

Switch(config)#radius-server accounting host 2004:1:2:3::2 port 3000 primary

47.12 radius-server authentication host

Command: radius-server authentication host {<ipv4-address >|<ipv6-address>} [port

<port-number>] [key <string>] [primary] [access-mode {dot1x|telnet}]

no radius-server authentication host {<ipv4-address >|<ipv6-address>}

Function: Specifies the IP address and listening port number, cipher key, whether be primary server or

not and access mode for the RADIUS server; the no command deletes the RADIUS authentication

server.

Parameters: <ipv4-address >|<ipv6-address> stands for the server IPv4/IPv6 address;

<port-number> for listening port number, from 0 to 65535, where 0 stands for

non-authentication server usage;

<string> is cipher key string;

primary for primary server. Multiple RADIUS Sever can be configured and would be

available. RADIUS Server will be searched by the configured order if primary is not configured,

otherwise, the specified RADIUS server will be used last.

[access-mode {dot1x|telnet}] designates the current RADIUS server only use 802.1x

authentication or telnet authentication, all services can use current RADIUS server by default.

Command mode: Global Mode

Default: No RADIUS authentication server is configured by default.

Usage Guide: This command is used to specify the IPv4/IPv6 address and port number, cipher key

string and access mode of the specified RADIUS server for switch authentication, multiple command

instances can be configured. The port parameter is used to specify authentication port number, which

must be the same as the specified authentication port in the RADIUS server, the default port number is

1812. If this port number is set to 0, the specified server is regard as non-authenticating. This command

can be used repeatedly to configure multiple RADIUS servers communicating with the switch, the

configured order is used as the priority for the switch authentication server. When the first server has

responded (whether the authentication is successed or failed), switch does not send the authentication

request to the next. If primary is specified, then the specified RADIUS server will be the primary server. It

will use the cipher key which be configured by radius-server key <string> global command if the current

RADIUS server not configure key<string>. Besides, it can designate the current RADIUS server only use

802.1x authentication or telnet authentication via access-mode option. It is not configure access-mode

option and all services can use current RADIUS server by default.