12 radius-server authentication host, Radius, Server authentication host – PLANET XGS3-24042 User Manual

52-8

52.12 radius-server authentication host

Command:

radius-server authentication host {<ipv4-address> | <ipv6-address>} [port <port-number>]

[key <string>] [primary] [access-mode {dot1x | telnet}]

no radius-server authentication host {<ipv4-address> | <ipv6-address>}

Function:

Specifies the IPv4 address or IPv6 address and listening port number, cipher key, whether be

primary server or not and access mode for the RADIUS server; the no command deletes the

RADIUS authentication server.

Parameters:

<ipv4-address> | <ipv6-address> stands for the server IPv4/IPv6 address;

<port-number> for listening port number, from 0 to 65535, where 0 stands for non-authentication

server usage;

<string> is cipher key string;

primary for primary server. Multiple RADIUS Sever can be configured and would be available.

RADIUS Server will be searched by the configured order if primary is not configured, otherwise, the

specified RADIUS server will be used last.

[access-mode {dot1x|telnet}] designates the current RADIUS server only use 802.1x

authentication or telnet authentication, all services can use current RADIUS server by default.

Command mode:

Global Mode

Default:

No RADIUS authentication server is configured by default.

Usage Guide:

This command is used to specify the IPv4 address or IPv6 address and port number, cipher key

string and access mode of the specified RADIUS server for switch authentication, multiple

command instances can be configured. The port parameter is used to specify authentication port

number, which must be the same as the specified authentication port in the RADIUS server, the

default port number is 1812. If this port number is set to 0, the specified server is regard as

non-authenticating. This command can be used repeatedly to configure multiple RADIUS servers

communicating with the switch, the configured order is used as the priority for the switch

authentication server. When the first server has responded (whether the authentication is

successed or failed), switch does not send the authentication request to the next. If primary is

specified, then the specified RADIUS server will be the primary server. It will use the cipher key

which be configured by radius-server key <string> global command if the current RADIUS server

not configure key<string>. Besides, it can designate the current RADIUS server only use 802.1x

authentication or telnet authentication via access-mode option. It is not configure access-mode