Cisco MDS-9124 Troubleshooting Guide - Page 334
Verifying RADIUS Configuration Using Fabric Manager, Switches > Security > AAA > RADIUS
View all Cisco MDS-9124 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 334 highlights
AAA Issues Chapter 17 Troubleshooting RADIUS and TACACS+ Send documentation comments to [email protected] Verifying RADIUS Configuration Using Fabric Manager To verify or change the RADIUS configuration using Fabric Manager, follow these steps: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Choose Switches > Security > AAA > RADIUS and select the Servers tab. You see the RADIUS configuration in the Information pane. Highlight the server that you need to change and click Delete Row to delete this server configuration. Click Create Row to add a new RADIUS server. Set the KeyType and Key fields to the preshared key configured on the RADIUS server. Set the AuthPort and AcctPort fields to the authentication and accounting ports configured on the RADIUS server. Set the TimeOut value and click Apply to save these changes. Select the CFS tab and select commit from the Config Action drop-down menu and click Apply Changes to distribute these changes to all switches in the fabric. Verifying RADIUS Configuration Using the CLI To verify or change the RADIUS configuration using the CLI, follow these steps: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Use the show radius-server command to display configured RADIUS parameters. switch# show radius-server Global RADIUS shared secret:******* retransmission count:5 timeout value:10 following RADIUS servers are configured: myradius.cisco.users.com: available for authentication on port:1812 available for accounting on port:1813 10.1.1.1: available for authentication on port:1812 available for accounting on port:1813 RADIUS shared secret:****** 10.2.2.3: available for authentication on port:1812 available for accounting on port:1813 RADIUS shared secret:****** Use the radius-server host ip-address key command to set the preshared key to match what is configured on your RADIUS server. Use the radius-server host ip-address auth-port command to set the authentication port to match what is configured on your RADIUS server. Use the radius-server host ip-address acc-port command to set the accounting port to match what is configured on your RADIUS server. Use the radius-server timeout command to set the period in seconds for the switch to wait for a response from all RADIUS servers before the switch declares a timeout failure. Use the radius commit command to commit any changes and distribute to all switches in the fabric. 17-4 Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x OL-9285-05