TP-Link T1600G-18TS Jetstream Smart Switches User Guide - Page 642
Using the CLI, Adding Servers, Adding RADIUS Server
View all TP-Link T1600G-18TS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 642 highlights
Configuring AAA AAA Configuration 2.2 Using the CLI 2.2.1 Adding Servers You can add one or more RADIUS/TACACS+ servers on the switch for authentication. If multiple servers are added, the server with the highest priority authenticates the users trying to access the switch, and the others act as backup servers in case the first one breaks down. ■■ Adding RADIUS Server Follow these steps to add RADIUS server on the switch: Step 1 configure Enter global configuration mode. Step 2 radius-server host ip-address [ auth-port port-id ] [ acct-port port-id ] [ timeout time ] [ retransmit number ] [ nas-id nas-id ] key { [ 0 ] string | 7 encrypted-string } Add the RADIUS server and configure the related parameters as needed. host ip-address: Enter the IP address of the server running the RADIUS protocol. auth-port port-id: Specify the UDP destination port on the RADIUS server for authentication requests. The default setting is 1812. acct-port port-id: Specify the UDP destination port on the RADIUS server for accounting requests. The default setting is 1813. Usually, it is used in the 802.1X feature. timeout time: Specify the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds. retransmit number: Specify the number of times a request is resent to the server if the server does not respond. The valid values are from 1 to 3 and the default setting is 2. nas-id nas-id: Specify the name of the NAS (Network Access Server) to be contained in RADIUS packets for identification. It ranges from 1 to 31 characters. The default value is the MAC address of the switch. Generally, the NAS indicates the switch itself. key { [ 0 ] string | 7 encrypted-string }: Specify the shared key. 0 and 7 represent the encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0. string is the shared key for the switch and the server, which contains 32 characters at most. encrypted-string is a symmetric encrypted key with a fixed length, which you can copy from the configuration file of another switch. The key or encrypted-key you configure here will be displayed in the encrypted form. Step 3 show radius-server Verify the configuration of RADIUS server. Step 4 end Return to privileged EXEC mode. User Guide 617