Cisco WS-C4003 Software Guide - Page 378
Enabling RADIUS Authentication, Step 1
View all Cisco WS-C4003 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 378 highlights
Configuring Authentication Chapter 27 Configuring Switch Access Using AAA Enabling RADIUS Authentication Note Specify at least one RADIUS server before enabling RADIUS authentication on the switch. For information on specifying a RADIUS server, see the "Specifying RADIUS Servers" section on page 27-23. You can enable RADIUS authentication for login and enable access to the switch. If desired, you can use the console and telnet keywords to specify that RADIUS authentication be used only on console or Telnet connections. If you are using both RADIUS and TACACS+, you can use the primary keyword to force the switch to try RADIUS authentication first. To configure RADIUS authentication, perform this task in privileged mode: Step 1 Step 2 Step 3 Step 4 Task Command Enable RADIUS authentication for normal login set authentication login radius enable [all | mode. console | http | telnet] [primary] Enable RADIUS authentication for enable mode. set authentication enable radius enable [all | console | http | telnet] [primary] Create a user $enab15$ on the RADIUS server, See the Note below for additional information. and assign a password to that user. Verify the RADIUS configuration. show authentication Note To use RADIUS authentication for enable mode, you will need to create a user $enab15$ on the RADIUS server, and assign a password to that user. This user needs to be created in addition to your assigned username and password on the RADIUS server (example: username john, password hello.) After you log in to the Catalyst 6000 family switch with your assigned username and password (john/hello), you can enter enable mode using the password assigned to the $enab15$ user. If your RADIUS server does not support the $enab15$ username, you can set the service-type attribute (attribute 6) to Administrative (value 6) for a RADUIS user to directly launch the user into enable mode without asking for a separate enable password. This example shows how to enable RADIUS authentication and verify the configuration: Console> (enable) set authentication login radius enable radius login authentication set to enable for console and telnet session. Console> (enable) set authentication enable radius enable radius enable authentication set to enable for console and telnet session. Console> (enable) show authentication Login Authentication tacacs radius local Console Session disabled enabled(primary) enabled Telnet Session disabled enabled(primary) enabled Enable Authentication: Console Session Telnet Session 27-24 Software Configuration Guide-Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 78-12647-02