Remote AAA RADIUS server configuration requirements
Have an IPv4/IPv6 address or fully qualified domain name (FQDN) that is visible to the switch.
Have a passkey (shared secret) that matches what is configured on the switch.
Provide username and password definitions for every switch user. Remote users do not require definition on the switch.
Use the
Service-TypeRADIUS attribute with the following values (as defined in RFC 2865):7(NAS-Prompt): for users requiring the Operators role.6(Administrative): for users requiring the Administrators role.Any other
Service-Typevalue results in the user being denied access.
Consult your RADIUS server documentation for installation and general configuration details.
If SSH public key authentication is used, the key information is stored locally on the switch, making username and password definition on the RADIUS server unnecessary.