radius-server key


radius-server key {plaintext <GLOBAL-PASSKEY> | ciphertext <GLOBAL-PASSKEY>}

no radius-server key


Creates or modifies a RADIUS global passkey. The RADIUS global passkey is used as a shared-secret for encrypting the communication between all RADIUS servers and the switch. The RADIUS global passkey is required for authentication unless local passkeys have been set. By default, the RADIUS global passkey is empty. If the administrator has not set this key, the switch will not be able to perform RADIUS authentication. The switch will instead rely on the authentication mechanism configured with aaa authentication login default.

The no form of the command removes the global passkey.




plaintext <GLOBAL-PASSKEY>

Specifies the RADIUS global passkey in plaintext format with a length of 1 to 31 characters. As per RFC 2865, a shared-secret can be a mix of alphanumeric and special characters.

ciphertext <GLOBAL-PASSKEY>

Specifies the RADIUS global passkey in encrypted format.




Adding the global passkey:

switch(config)# radius-server key plaintext mypasskey123

Removing the global passkey:

switch(config)# no radius-server key