RADIUS shared-secret key authentication

You can use RADIUS servers as the primary authentication method for users who request access to a switch through Telnet, SSH, console, or port access (802.1X). The shared secret key is a text string used to encrypt data in RADIUS packets transmitted between a switch and a RADIUS server during authentication sessions. Both the switch and the server have a copy of the key; the key is never transmitted across the network.

RADIUS shared secret (encryption) keys can be saved in a configuration file by entering this command:


switch(config)# radius-server key <keystring>

The option <keystring> is the encryption key (in clear text) used for secure communication with all or a specific RADIUS server.