Configuring Web-Based Authentication
• When you configure the RADIUS server parameters:
Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces
Examples in this section are legacy-style configurations. For new-style configurations, see the Session Aware
Networking Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Follow these steps to configure the authentication rule and interfaces:
OL-29048-01
◦ Host IP address
◦ Host name and specific UDP port numbers
◦ IP address and specific UDP port numbers
The combination of the IP address and UDP port number creates a unique identifier, that enables RADIUS
requests to be sent to multiple UDP ports on a server at the same IP address. If two different host entries
on the same RADIUS server are configured for the same service (for example, authentication) the second
host entry that is configured functions as the failover backup to the first one. The RADIUS host entries
are chosen in the order that they were configured.
◦ Specify the key string on a separate command line.
◦ For key string, specify the authentication and encryption key used between the switch and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
◦ When you specify the key string, use spaces within and at the end of the key. If you use spaces in
the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
◦ You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using with the radius-server host global configuration command. If you want to
configure these options on a per-server basis, use the radius-server timeout, radius-server transmit,
and the radius-server key global configuration commands. For more information, see the Cisco
IOS Security Configuration Guide, Release 12.4 and the Cisco IOS Security Command Reference,
Release 12.4.
You need to configure some settings on the RADIUS server, including: the switch IP
Note
address, the key string to be shared by both the server and the switch, and the
downloadable ACL (DACL). For more information, see the RADIUS server
documentation.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Web-Based Authentication Configuration Task List
371