Cisco Systems SRW248G4PK9NA User Manual

Configuring RADIUS

311

Cisco Small Business 300 Series Managed Switch Administration Guide 

Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 
802.1X or MAC-based network access control. The device is a RADIUS client that 
can use a RADIUS server to provide centralized security. 

An organization can establish a Remote Authorization Dial-In User Service 
(RADIUS) server to provide centralized 802.1X or MAC-based network access 
control for all of its devices. In this way, authentication and authorization can be 
handled on a single server for all devices in the organization.

The device can act as a RADIUS client that uses the RADIUS server for the 
following services:

•

Authentication—Provides authentication of regular and 802.1X users 
logging onto the device by using usernames and user-defined passwords. 

•

Authorization—Performed at login. After the authentication session is 
completed, an authorization session starts using the authenticated 
username. The TACACS+ server then checks user privileges.

•

Accounting—Enable accounting of login sessions using the RADIUS server. 
This enables a system administrator to generate accounting reports from 
the RADIUS server.

The user can enable accounting of login sessions using either a RADIUS or 
TACACS+ server. 

The user-configurable, TCP port used for RADIUS server accounting is the same 
TCP port that is used for RADIUS server authentication and authorization.

The following defaults are relevant to this feature:

•

No default RADIUS server is defined by default. 

•

If you configure a RADIUS server, the accounting feature is disabled by 
default.