Chapter 11
Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
A RADIUS server and the switch use a shared secret text string to encrypt passwords and exchange
responses. To configure RADIUS to use the AAA security commands, you must specify the host running
the RADIUS server daemon and a secret text (key) string that it shares with the switch.
The timeout, retransmission, and encryption key values can be configured globally for all RADIUS
servers, on a per-server basis, or in some combination of global and per-server settings. To apply these
settings globally to all RADIUS servers communicating with the switch, use the three unique global
configuration commands: radius-server timeout, radius-server retransmit, and radius-server key.
To apply these values on a specific RADIUS server, use the radius-server host global configuration
command.
If you configure both global and per-server functions (timeout, retransmission, and key commands) on
Note
the switch, the per-server timer, retransmission, and key value commands override global timer,
retransmission, and key value commands. For information on configuring these settings on all RADIUS
servers, see the
"Configuring Settings for All RADIUS Servers" section on page
11-29.
You can configure the switch to use AAA server groups to group existing server hosts for authentication.
For more information, see the
"Defining AAA Server Groups" section on page
11-25.
Cisco IE 3000 Switch Software Configuration Guide
11-21
OL-13018-03