3.10.20 RADIUS Server Configuration

Use this command to set the default values applied to each newly added RADIUS server when the corresponding parameters are left blank.

Command Syntax:

radius-server timeout <seconds>
radius-server retransmit <retries>
radius-server deadtime <minutes>
radius-server key { [ unencrypted ] <unencrypted_key> | encrypted <encrypted_key> }
radius-server attribute 4 <ipv4>
radius-server attribute 95 <ipv6>
radius-server attribute 32 <id>

Table 3-61. Command Description

Argument

Description

Parameter

<seconds>

Time to wait for a RADIUS server to reply, in seconds (1–1000), before retransmitting the request. The default value is 5.

<retries>

Number of times a request is retransmitted to a server that is not responding. The value ranges from 1 to 1000. The default value is 3.

<minutes>

Period, from 0 to 1440 minutes, during which the switch does not send new requests to a server that failed to respond to previous requests (a dead server). The default value is 0.

<unencrypted_key> <encrypted_key>

The unencrypted or encrypted key, up to 63 characters long.

<ipv4>

IPv4 address to be used as attribute 4 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.

<ipv6>

IPv6 address to be used as attribute 95 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.

<id>

The identifier, up to 253 characters long, to be used as attribute 32 in RADIUS Access-Request packets. If this field is left blank, the NAS-Identifier is not included in the packet.

Default

N/A

Mode

Global Configuration mode

Usage

Configure the default global parameters for RADIUS servers. To revert to the default, use the ‘no’ version of the command.

Example

Example 1:

# configure terminal
(config)# radius-server timeout 10
(config)# radius-server retransmit 3
(config)# radius-server deadtime 10
(config)# radius-server key unencrypted secret

Use this command to add a new RADIUS server. Up to 5 servers can be added.

Command Syntax:

radius-server host <host_name> [ auth-port <auth_port> ] [ acct-port <acct_port> ] [ timeout <seconds> ] [ retransmit <retries> ] [ key { [ unencrypted ] <unencrypted_key> | encrypted <encrypted_key> } ]

Table 3-62. Command Description

Argument

Description

Parameter

<host_name>

IPv4/IPv6 address or hostname of the RADIUS server.

<auth_port>

UDP port number to use on the RADIUS server for authentication. To disable authentication, set the value to 0.

<acct_port>

UDP port number to use on the RADIUS server for accounting. To disable accounting, set the value to 0.

timeout <seconds>

Time to wait for this RADIUS server to reply (overrides default).

retransmit <retries>

Number of retries to the active server (overrides default).

<unencrypted_key> <encrypted_key>

The unencrypted (plain text) or encrypted secret key.

Default

N/A

Mode

Global Configuration mode

Usage

Configure custom parameters for a RADIUS server. To delete the server entry, use the ‘no’ version of the command.

Example

Example 1:

# configure terminal
(config)# radius-server host radiusserver auth-port 1812 timeout 20 retransmit 5
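
The following is an added example, not part of the original manual or the vendor's software: a small Python audit that checks radius-server lines against the limits documented in the two tables above and flags keys entered in plain text and ports set to 0. The function name audit, the finding messages and the sample lines are assumptions made for illustration; the sample input is constructed.

```python
import re

# Limits taken from the command descriptions on this page.
RANGES = {"timeout": (1, 1000), "retransmit": (1, 1000), "deadtime": (0, 1440)}
PORT_OFF = {"auth-port": "authentication", "acct-port": "accounting"}
MAX_KEY_LEN, MAX_ID_LEN, MAX_HOSTS = 63, 253, 5

def audit(config_text):
    """Return (line_number, message) findings for radius-server lines."""
    findings, hosts = [], 0
    for n, raw in enumerate(config_text.splitlines(), 1):
        tok = re.sub(r"^\s*(\(config\))?#\s*", "", raw).split()  # drop CLI prompt
        if tok[:1] != ["radius-server"]:
            continue
        tok += ["", ""]  # padding so the look-ahead below never overruns
        i = 1
        while i < len(tok) - 2:
            word, arg, arg2, step = tok[i], tok[i + 1], tok[i + 2], 2
            if word == "host":
                hosts += 1
                if hosts > MAX_HOSTS:
                    findings.append((n, "more than 5 servers configured"))
            elif word in RANGES:
                lo, hi = RANGES[word]
                if not (arg.isdigit() and lo <= int(arg) <= hi):
                    findings.append((n, f"{word} outside {lo}-{hi}"))
            elif word in PORT_OFF and arg == "0":
                findings.append((n, f"{PORT_OFF[word]} disabled by {word} 0"))
            elif word == "key":
                explicit = arg in ("unencrypted", "encrypted")
                value, step = (arg2, 3) if explicit else (arg, 2)
                if arg != "encrypted":  # the 'unencrypted' keyword is optional
                    findings.append((n, "key entered in plain text"))
                if len(value) > MAX_KEY_LEN:
                    findings.append((n, "key longer than 63 characters"))
            elif word == "attribute":
                step = 3
                if arg == "32" and len(arg2) > MAX_ID_LEN:
                    findings.append((n, "attribute 32 longer than 253 characters"))
            i += step
    return findings

# Constructed sample input; the encrypted key value is a placeholder.
SAMPLE = """\
(config)# radius-server deadtime 2000
(config)# radius-server key unencrypted secret
(config)# radius-server host radiusserver auth-port 0 timeout 20 retransmit 5
(config)# radius-server host 192.0.2.10 auth-port 1812 key encrypted PLACEHOLDER
"""
```

Calling audit(SAMPLE) returns one finding each for sample lines 1, 2 and 3; line 4 produces none.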