Overview

RADIUS (Remote Authentication Dial-In User Service) enables you to use up to fifteen servers and maintain separate authentication and accounting for each RADIUS server employed.

Authentication with RADIUS allows for a unique password for each user, instead of the need to maintain and distribute switch-specific passwords to all users. RADIUS verifies identity for the following types of primary password access to the switch:
  • Serial port (console)

  • Telnet

  • SSH

  • SFTP/SCP

  • WebAgent

  • Port-Access (802.1X)

NOTE:

The switch does not support RADIUS security for SNMP (network management) access. For information on blocking access through the WebAgent, see Controlling WebAgent access.

Switches support RADIUS accounting for web-based authentication and MAC authentication sessions, collecting resource consumption data and forwarding it to the RADIUS server. This data can be used for trend analysis, capacity planning, billing, auditing, and cost analysis.

RADIUIS-administered commands authorization enables RADIUS server control of an authenticated client's access to CLI commands on the switch. See Commands authorization.