Enterasys Networks D2G124-12P Benutzerhandbuch
set radius
D-Series CLI Reference 15-5
set radius
Use this command to enable, disable, or configure RADIUS authentication.
Syntax
set radius {enable | disable} | {retries number-of-retries} | {timeout timeout} |
{server index ip-address port [secret-value] [realm {management-access | any |
network-access}} | {realm {management-access | any | network-access} {index| all}}
{server index ip-address port [secret-value] [realm {management-access | any |
network-access}} | {realm {management-access | any | network-access} {index| all}}
Parameters
Defaults
If secret‐value is not specified, none will be applied.
If realm is not specified, the any access realm will be used.
Mode
Switch command, read‐write.
Usage
The D‐Series device allows up to 10 RADIUS accounting servers to be configured, with up to two
servers active at any given time.
servers active at any given time.
The RADIUS client can only be enabled on the switch once a RADIUS server is online, and its IP
address(es) has been configured with the same password the RADIUS client will use.
address(es) has been configured with the same password the RADIUS client will use.
enable | disable
Enables or disables the RADIUS client.
retries number‐of‐
retries
retries
Specifies the number of retry attempts before the RADIUS server times out.
Valid values are from 0 to 10. Default is 3.
Valid values are from 0 to 10. Default is 3.
timeout timeout
Specifies the maximum amount of time (in seconds) to establish contact
with the RADIUS server before retry attempts begin. Valid values are from
1 to 30. Default is 20 seconds.
with the RADIUS server before retry attempts begin. Valid values are from
1 to 30. Default is 20 seconds.
server index
ip_address port
ip_address port
Specifies the index number, IP address and the UDP authentication port for
the RADIUS server.
the RADIUS server.
secret‐value
(Optional) Specifies an encryption key to be used for authentication
between the RADIUS client and server.
between the RADIUS client and server.
realm
management‐
access | any |
network‐access
management‐
access | any |
network‐access
Realm allows you to define who has to go through the RADIUS server for
authentication.
authentication.
•
management‐access: This means that anyone trying to access the switch
(Telnet, SSH, Local Management) has to authenticate through the
RADIUS server.
(Telnet, SSH, Local Management) has to authenticate through the
RADIUS server.
•
network‐access: This means that all the users have to authenticate to a
RADIUS server before they are allowed access to the network.
RADIUS server before they are allowed access to the network.
•
any: Means that both management‐access and network‐access have
been enabled.
been enabled.
Note: If the management-access or any access realm has been configured, the
local “admin” account is disabled for access to the switch using the console, Telnet,
or Local Management. Only the network-access realm allows access to the local
“admin” account.
local “admin” account is disabled for access to the switch using the console, Telnet,
or Local Management. Only the network-access realm allows access to the local
“admin” account.
index | all
Applies the realm setting to a specific server or to all servers.