Remote AAA RADIUS server configuration requirements

The user-supplied RADIUS server must:
  • Have an IPv4/IPv6 address or fully qualified domain name (FQDN) that is visible to the switch.

  • Have a passkey (shared secret) that matches what is configured on the switch.

  • Provide username and password definitions for every switch user. Remote users do not require definition on the switch.

  • Use the Service-Type RADIUS attribute with the following values (as defined in RFC 2865):

    • 7 (NAS-Prompt): for users requiring the Operators role.

    • 6 (Administrative): for users requiring the Administrators role.

    • Any other Service-Type value results in the user being denied access.


Consult your RADIUS server documentation for installation and general configuration details.


If SSH public key authentication is used, the key information is stored locally on the switch, making username and password definition on the RADIUS server unnecessary.