Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

9-38

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 9 Configuring Switch-Based Authentication

Controlling Switch Access with RADIUS

Note For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the

“RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the

Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command

References.

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication

Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary

information between the switch and the RADIUS server, some vendors have extended the RADIUS

attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS

attributes.

As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you

must specify the host running the RADIUS server daemon and the secret text string it shares with the

switch. You specify the RADIUS host and secret text string by using the radius-server global

configuration commands.

Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server

host and a shared secret text string:

Step 4

show running-config Verify your settings.

Step 5

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

radius-server host {hostname | ip-address} non-standard Specify the IP address or hostname of the remote

RADIUS server host and identify that it is using a

vendor-proprietary implementation of RADIUS.

Step 3

radius-server key string Specify the shared secret text string used between the

switch and the vendor-proprietary RADIUS server.

The switch and the RADIUS server use this text

string to encrypt passwords and exchange responses.

Note The key is a text string that must match the

encryption key used on the RADIUS server.

Leading spaces are ignored, but spaces within

and at the end of the key are used. If you use

spaces in your key, do not enclose the key in

quotation marks unless the quotation marks

are part of the key.

Step 4

end Return to privileged EXEC mode.

Step 5

show running-config Verify your settings.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next