Configuring Authentication
Enabling RADIUS Authentication
Specify at least one RADIUS server before enabling RADIUS authentication on the switch. For
Note
information on specifying a RADIUS server, see the
page
You can enable RADIUS authentication for login and enable access to the switch. If desired, you can use
the console and telnet keywords to specify that RADIUS authentication be used only on console or
Telnet connections. If you are using both RADIUS and TACACS+, you can use the primary keyword to
force the switch to try RADIUS authentication first.
To configure RADIUS authentication, perform this task in privileged mode:
Task
Step 1
Enable RADIUS authentication for normal login
mode.
Step 2
Enable RADIUS authentication for enable mode. set authentication enable radius enable [all |
Step 3
Create a user $enab15$ on the RADIUS server,
and assign a password to that user.
Step 4
Verify the RADIUS configuration.
To use RADIUS authentication for enable mode, you will need to create a user $enab15$ on the RADIUS
Note
server, and assign a password to that user. This user needs to be created in addition to your assigned
username and password on the RADIUS server (example: username john, password hello.) After you log
in to the Catalyst 6000 family switch with your assigned username and password (john/hello), you can
enter enable mode using the password assigned to the $enab15$ user.
If your RADIUS server does not support the $enab15$ username, you can set the service-type attribute
(attribute 6) to Administrative (value 6) for a RADUIS user to directly launch the user into enable mode
without asking for a separate enable password.
This example shows how to enable RADIUS authentication and verify the configuration:
Console> (enable) set authentication login radius enable
radius login authentication set to enable for console and telnet session.
Console> (enable) set authentication enable radius enable
radius enable authentication set to enable for console and telnet session.
Console> (enable) show authentication
Login Authentication:
---------------------
tacacs
radius
local
Enable Authentication: Console Session
---------------------- ----------------- ----------------
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
27-24
27-23.
Console Session
----------------
disabled
enabled(primary)
enabled
Chapter 27
Configuring Switch Access Using AAA
"Specifying RADIUS Servers" section on
Command
set authentication login radius enable [all |
console | http | telnet] [primary]
console | http | telnet] [primary]
See the Note below for additional information.
show authentication
Telnet Session
----------------
disabled
enabled(primary)
enabled
Telnet Session
78-12647-02