4.10.3.1 AAA RADIUS Configuration

The RADIUS Server Configuration page allows you to configure up to five RADIUS servers.

Figure 4-55. RADIUS Server Configuration

The RADIUS Server Configuration page has the following parameters:

  • Global Configuration
    • Timeout: Timeout is the number of seconds, in the range 1–1000, to wait for a reply from a RADIUS server before retransmitting the request
    • Retransmit: Retransmit is the number of times, in the range 1–1000, a RADIUS request is retransmitted to a server that is not responding. If the server has not responded after the last retransmit, it is considered to be dead.
    • Deadtime: Deadtime, which can be set to a number between 0–1440 minutes, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the Deadtime to a value greater than 0 (zero) enables this feature, but only if more than one server has been configured.
    • Change Secret Key: Specify whether to change the secret key or not. When Yes is selected for the option, you can change the secret key up to 63 characters long, shared between the RADIUS server and the switch.
    • NAS-IP-Address (Attribute 4): The IPv4 address to be used as attribute 4 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.
    • NAS-IPv6-Address (Attribute 95): The IPv6 address to be used as attribute 95 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.
    • NAS-Identifier (Attribute 32): This identifier is up to 253 characters long and used as attribute 32 in RADIUS Access-Request packets. If this field is left blank, then the NAS-Identifier is not included in the packet.
  • Server Configuration
    • Delete: To delete a RADIUS server entry, check this box. The entry is deleted during the next save
    • Hostname: The IPv4/IPv6 address or hostname of the RADIUS server
    • Auth Port: The UDP port to use on the RADIUS server for authentication. Set to 0 to disable authentication.
    • Acct Port: The UDP port to use on the RADIUS server for accounting. Set to 0 to disable accounting.
    • Timeout: This optional setting overrides the global timeout value
    • Retransmit: This optional setting overrides the global retransmit value
    • Change Secret Key: Specify whether to change the secret key or not. When the checkbox is checked, you can change the setting overrides the global key.