Configuring RADIUS Parameters

Remote Authentication Dial-In User Service (RADIUS) servers provide centralized 802.1X or MAC-based network access control. The switch is a RADIUS client that can use a RADIUS server to provide centralized security.

For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.

To set the RADIUS server parameters:

  1. Click Security > RADIUS. The RADIUS page displays.
  2. Enter the default RADIUS parameters. Values entered in the Default Parameters are applied to all servers. If a value is not entered for a specific server (in the Add RADIUS Server page) the switch uses the values in these fields.
    • IP Version--Displays the supported IP version: IPv6 and/or IPv4 subnet.
    • Retries--Enter the number of transmitted requests that are sent to the RADIUS server before a failure is considered to have occurred.
    • Timeout for Reply--Enter the number of seconds that the switch waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
    • Dead Time--Enter the number of minutes that elapse before a non-responsive RADIUS server is bypassed for service requests. If the value is 0, the server is not bypassed.
    • Key String--Enter the default key string used for authenticating and encrypting between the switch and the RADIUS server. This key must match the key configured on the RADIUS server. A key string is used to encrypt communications by using MD5. A key configured for an individual RADIUS server takes precedence over the default key, which is used only when no key is provided for that server.
  3. Click Apply. The RADIUS settings for the switch are updated in the Running Configuration file.
  4. To add a RADIUS server, click Add. The Add RADIUS Server page displays.
  5. Enter the values in the fields for each server. To use the default values entered in the RADIUS page, select Use Default.
    • Server Definition--Select whether to specify the RADIUS server by IP address or name.
    • IP Version--If the RADIUS server will be identified by IP address, select either IPv4 or IPv6, to indicate that it will be entered in the selected format.
    • IPv6 Address Type--Displays that IPv6 address type is Global.
    • Server IP Address/Name--Enter the IP address or domain name of the server.
    • Priority--Enter the priority of the server. The priority determines the order in which the switch attempts to contact the servers to authenticate a user. The switch starts with the highest-priority RADIUS server. Zero is the highest priority.
    • Key String--Enter the key string used for authenticating and encrypting communication between the switch and the RADIUS server. This key must match the key configured on the RADIUS server. If this field is left blank, the switch attempts to authenticate to the RADIUS server by using the default Key String.
    • Timeout for Reply--Enter the number of seconds the switch waits for an answer from the RADIUS server before retrying the query, or switching to the next server. If there is no value entered in this field, the switch uses the default timeout value.
    • Authentication Port--Enter the UDP port number of the RADIUS server for authentication requests.
    • Retries--Enter the number of requests that are sent to the RADIUS server before a failure is considered to have occurred. Select Use Default to use the default value for the number of retries.
    • Dead Time--Enter the number of minutes that must pass before a non-responsive RADIUS server is bypassed for service requests. Select Use Default to use the default value for the dead time. If you enter 0 minutes, there is no dead time.
    • Usage Type--Enter the RADIUS server authentication type. The options are:
      • Login--RADIUS server is used for authenticating users that ask to administer the switch.
      • 802.1X--RADIUS server is used for 802.1X authentication.
      • All--RADIUS server is used for authenticating users that ask to administer the switch and for 802.1X authentication.
  6. Click Apply. The RADIUS server definition is added to the Running Configuration file of the switch.
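How the Key String enters the MD5 operations, and how the cisco-avpair value is carried in a reply, shown as an added example that is not part of the original guide and not Cisco's code. It follows RFC 2865 (User-Password hiding, Response Authenticator, Vendor-Specific attribute); the function names, key and password are constructed for illustration.

```python
import hashlib, hmac, os, struct

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR the zero-padded password with MD5(key + previous block)."""
    n = max(1, -(-len(password) // 16)) * 16
    padded, out, prev = password.ljust(n, b"\x00"), b"", req_auth
    for i in range(0, n, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: same keystream, so a different key yields garbage."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def cisco_avpair(value):
    """Vendor-Specific attribute (type 26), Cisco vendor 9, sub-type 1 (cisco-avpair)."""
    sub = struct.pack("!BB", 1, 2 + len(value)) + value
    body = struct.pack("!I", 9) + sub
    return struct.pack("!BB", 26, 2 + len(body)) + body

def build_accept(ident, req_auth, attrs, secret):
    """Access-Accept (code 2); Response Authenticator = MD5(hdr+ReqAuth+attrs+key)."""
    hdr = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def verify_reply(packet, req_auth, secret):
    """Client (switch) side: recompute the digest with the locally configured key."""
    hdr, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(hdr + req_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)

if __name__ == "__main__":
    key, ra = b"constructed-key-string", os.urandom(16)  # constructed sample values
    hidden = hide_password(b"constructed-password", key, ra)
    print("hidden User-Password:", hidden.hex())
    print("server recovers:", unhide_password(hidden, key, ra))
    reply = build_accept(1, ra, cisco_avpair(b"shell:priv-lvl=15"), key)
    print("avpair visible in clear:", b"shell:priv-lvl=15" in reply)
    print("matching key:", verify_reply(reply, ra, key))
    print("mismatched key:", verify_reply(reply, ra, b"other-key"))
```

Only the User-Password attribute is hidden with the key; other attributes, including the cisco-avpair value, travel in clear and are protected only by the reply digest, so a long random Key String and a trusted management network both matter.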