Configuring the switch to access a RADIUS server

Configuring a RADIUS server to support web-based authentication and MAC authentication requires the following minimal commands:

(See RADIUS Authentication, Authorization, and Accounting for information on other RADIUS command options.)

Syntax:

radius-server
no radius-server

[host <ip-address>]

Adds a server to the RADIUS configuration or, when no is used, deletes a server from the configuration. You can configure up to three RADIUS server addresses. The switch uses the first server it successfully accesses. (See RADIUS Authentication, Authorization, and Accounting.)


[key <global-key-string>]

Specifies the global encryption key the switch uses with servers for which the switch does not have a server-specific key assignment (below). This key is optional if all RADIUS server addresses configured in the switch include a server-specific encryption key. The tilde (~) character is allowed in the string, for example, radius-server key aruba~switch. It is not backward compatible; the “~” character is lost if you use a software version that does not support the “~” character.

(Default: Null.)

Syntax:


radius-server host <ip-address> key <server-specific key-string>
no radius-server host <ip-address> key

Optional.

Specifies an encryption key for use during authentication (or accounting) sessions with the specified server. This key must match the encryption key used on the RADIUS server. Use this command only if the specified server requires a different encryption key than the one configured as the global encryption key, above. The tilde (~) character is allowed in the string. It is not backward compatible; the “~” character is lost if you use a software version that does not support the “~” character.

The no form of the command removes the key configured for a specific server.

For example, to configure the switch to access a RADIUS server at IP address 192.168.32.11 using a server-specific shared secret key of ‘1A7rd’:

Configure the switch to access a RADIUS server

switch(config)# radius-server host 192.168.32.11
switch(config)# radius-server host 192.168.32.11 key 1A7rd

switch(config)# show radius

 Status and Counters - General RADIUS Information

  Deadtime(min) : 0
  Timeout(secs) : 5
  Retransmit Attempts : 3
  Global Encryption Key :
  Dynamic Authorization UDP Port :

                  Auth Acct DM/ Time
  Server IP Addr  Port Port CoA Window Encryption Key
  --------------- ---- ---- --- ------ ---------------------
  192.168.32.11   1812 1813            1A7rd
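
The rules above (at most three servers, a key available for every server either per server or globally, and the "~" compatibility caveat) can be checked offline against saved configuration text. The following Python script is an added example, not part of the switch software or this guide's own material; the function name audit_radius_config, the sample lines, and the assumption that keys are single unquoted tokens in the command form shown on this page are all illustrative.

```python
import re

# Constructed sample of configuration lines (not taken from a real switch).
SAMPLE_CONFIG = """\
radius-server host 192.168.32.11 key 1A7rd
radius-server host 192.168.32.12
radius-server host 192.168.32.13 key aruba~switch
radius-server host 192.168.32.14
"""

MAX_SERVERS = 3  # the page: up to three RADIUS server addresses

# Matches "radius-server [host <ip>] [key <string>]"; "no ..." lines do not match.
LINE_RE = re.compile(
    r"^\s*radius-server(?:\s+host\s+(?P<host>\S+))?(?:\s+key\s+(?P<key>\S+))?\s*$")

def audit_radius_config(text):
    """Return (servers, global_key, findings) for radius-server lines in text."""
    servers, global_key, findings = {}, None, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or (m["host"] is None and m["key"] is None):
            continue
        if m["host"] is None:
            global_key = m["key"]  # radius-server key <global-key-string>
        else:
            # A later line for the same host may add a key to an earlier bare entry.
            servers[m["host"]] = m["key"] or servers.get(m["host"])
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured; limit is {MAX_SERVERS}")
    for host, key in servers.items():
        if key is None and global_key is None:
            findings.append(f"{host}: no server-specific key and no global key")
    # Findings name the server only; the key value itself is never echoed.
    for label, key in [("global", global_key), *servers.items()]:
        if key and "~" in key:
            findings.append(f"{label}: key contains '~', lost on software without '~' support")
    return servers, global_key, findings

if __name__ == "__main__":
    for finding in audit_radius_config(SAMPLE_CONFIG)[2]:
        print(finding)
```
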