To configure a RADIUS server, use the radius-server host Global Configuration mode command.
To delete a RADIUS server, use the no form of the command.
Syntax
radius-server host {ip-address | hostname} [acct-port acct-port-number] [auth-port auth-port-number] [key key-string] [priority priority] [retransmit retries] [timeout timeout] [usg-type {802.1x | all | login}]
no radius-server host hostname
Parameters
ip-address—IP address of the RADIUS server.
hostname—Hostname of the RADIUS server.
acct-port acct-port-number—(Optional) Specifies the UDP port number of the RADIUS server for accounting requests. If the UDP port number is set to 0, the host is not used for accounting. (Range: 0 to 65535)
auth-port auth-port-number—(Optional) Specifies the UDP port number of the RADIUS server for authentication requests. If the UDP port number is set to 0, the host is not used for authentication. (Range: 0 to 65535)
key key-string—(Optional) Specifies the authentication and encryption key for all RADIUS communications between the switch and the RADIUS server. This key must match the encryption used on the RADIUS daemon. To specify an empty string, enter "". (Length: 0 to 128 characters)
priority priority—(Optional) Specifies the priority of the RADIUS server, where 0 has the highest priority. (Range: 0 to 65535)
retransmit retries—(Optional) Specifies the number of requests that are sent to the RADIUS server before a failure is considered to have occurred. (Range: 1 to 10, default: 3)
timeout timeout—(Optional) Specifies the number of seconds that the switch waits for an answer from the RADIUS server before retrying the query, or switching to the next server. If there is no value entered in this field, the switch uses the default timeout value. (Range: 1 to 30, default: 3)
usg-type {802.1x | all | login}—(Optional) Specifies the authentication type of the RADIUS server. The possible values are:
- 802.1x—The RADIUS server is used for 802.1x port authentication.
- all—The RADIUS server is used for user login authentication and 802.1x port authentication.
- login—The RADIUS server is used for user login authentication (authenticating users that want to administer the switch).
Default Configuration
The default authentication port number is 1812.
If timeout is not specified, the global value (set in the radius-server default-param command) is used.
If retransmit is not specified, the global value (set in the radius-server default-param command) is used.
If key-string is not specified, the global value (set in the radius-server default-param command) is used.
If a parameter was not set in one of the above commands, the default for that command is used. For example, if a timeout value was not set in the current command, the default timeout set in the radius-server default-param command is used.
The default authentication type is all.
Command Mode
Global Configuration mode
User Guidelines
To specify multiple hosts, this command is used for each host.
Example
The following example specifies a RADIUS server with IP address 192.168.10.1, authentication request port number 20, and a 20-second timeout period:
switchxxxxxx(config)# radius-server host radiusserver1 auth-port 20 timeout 20
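The following Python check is an added example, not part of the original command reference: it parses a radius-server host line against the syntax, ranges and defaults listed above and reports settings a configuration reviewer would want to see, such as an empty key or a port set to 0. The function name audit_radius_host and the wording of the findings are assumptions made for this example.

```python
import shlex

# Ranges and defaults taken from this page's parameter descriptions.
RANGES = {"acct-port": (0, 65535), "auth-port": (0, 65535),
          "priority": (0, 65535), "retransmit": (1, 10), "timeout": (1, 30)}
USG_TYPES = {"802.1x", "all", "login"}

def audit_radius_host(line):
    """Parse one 'radius-server host' line and return (settings, findings)."""
    tokens = shlex.split(line)  # shlex keeps "" as an empty-string token
    if "radius-server" in tokens:  # skip a leading CLI prompt, if present
        tokens = tokens[tokens.index("radius-server"):]
    if tokens[:2] != ["radius-server", "host"] or len(tokens) < 3:
        raise ValueError("not a radius-server host command")
    rest = tokens[3:]
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    keywords = rest[::2]
    # Documented defaults: authentication port 1812, authentication type all.
    settings = {"host": tokens[2], "auth-port": 1812, "usg-type": "all"}
    findings = []
    for kw, val in zip(keywords, rest[1::2]):
        if kw in RANGES:
            lo, hi = RANGES[kw]
            if val.isdecimal() and lo <= int(val) <= hi:
                settings[kw] = int(val)
            else:
                findings.append(f"{kw} {val} is outside {lo}-{hi}")
        elif kw == "key" and len(val) <= 128:
            settings["key"] = val
        elif kw == "usg-type" and val in USG_TYPES:
            settings["usg-type"] = val
        else:
            findings.append(f"invalid keyword or value: {kw} {val}")
    if settings.get("key") == "":
        findings.append("key is the empty string")
    elif "key" not in keywords:
        # Per the Default Configuration section, the global value is used.
        findings.append("no key: global radius-server default-param key applies")
    for port in ("auth-port", "acct-port"):
        if settings.get(port) == 0:
            findings.append(f"{port} 0: host not used for {port[:4]} requests")
    return settings, findings
```

Run it over each radius-server host line of a saved configuration; a line with no key is only as strong as the key set by radius-server default-param, so review that command as well.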