
Adding a RADIUS server to the client server list – Brocade Network OS Administrator’s Guide v4.1.1 User Manual


TABLE 49 RADIUS server parameters (Continued)

Parameter          Description

protocol           The authentication protocol to be used. Options include CHAP, PAP, and PEAP.
                   The default protocol is CHAP. IPv6 hosts are not supported if PEAP is the
                   configured protocol.

key                The shared secret between the switch and the RADIUS server. The default
                   value is "sharedsecret". The key cannot contain spaces and must be from 8
                   through 40 characters in length. Empty keys are not supported.

retries            The number of attempts permitted to connect to a RADIUS server. The range
                   is 0 through 100, and the default value is 5.

timeout            Time to wait for a server to respond. The range is 1 through 60 seconds.
                   The default value is 5 seconds.

encryption-level   Whether the encryption key should be stored in clear-text or in encrypted
                   format. Possible values are 0 or 7, where 0 stores the key in clear-text
                   format and 7 stores it in encrypted format. The default is 7 (encrypted).

NOTE
If you do not configure the key attribute, the authentication session will not be encrypted. The value of
the key attribute must match the value configured in the RADIUS configuration file; otherwise, the
communication between the server and the switch fails.

Refer also to:

Adding a RADIUS server to the client server list on page 284

Modifying the client-side RADIUS server configuration on page 285

Configuring the client to use RADIUS for login authentication on page 285

Adding a RADIUS server to the client server list

You must configure the Domain Name System (DNS) server on the switch prior to adding the RADIUS
server with a domain name or a host name. Without the DNS server, name resolution of the RADIUS
server fails and therefore the add operation fails. Use the ip dns command to configure the DNS
server.

NOTE
When a list of servers is configured on the switch, failover from one server to another server happens
only if a RADIUS server fails to respond; it does not happen when user authentication fails.

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal
Entering configuration mode terminal

2. Enter the radius-server command with the specified parameters.

switch(config)# radius-server host 10.38.37.180 protocol pap key "new#virgo*secret" timeout 10

Once you run this command, you are placed into the AAA server configuration submode where you
can specify additional parameters.
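
The following audit script is an added example, not part of the Brocade guide: it checks a radius-server host line against the limits in Table 49 and the NOTE about unconfigured keys. The function name audit_radius_line is hypothetical, and the script assumes all parameters appear on one line as keyword/value pairs.

```python
import ipaddress
import shlex

PROTOCOLS = {"chap", "pap", "peap"}                  # Table 49: protocol options
RANGES = {"retries": (0, 100), "timeout": (1, 60)}   # Table 49: permitted ranges
DEFAULT_KEY = "sharedsecret"                         # Table 49: default key value

def audit_radius_line(line):
    """Findings for one 'radius-server host' line (assumes keyword/value pairs on one line)."""
    tokens = shlex.split(line)                       # keeps a quoted key as one token
    if "radius-server" not in tokens:
        return ["not a radius-server command"]
    args = tokens[tokens.index("radius-server") + 1:]
    if len(args) < 2 or args[0] != "host" or len(args) % 2:
        return ["malformed radius-server command"]
    host, opts = args[1], dict(zip(args[2::2], args[3::2]))
    findings = []
    proto = opts.get("protocol", "chap").lower()     # CHAP is the documented default
    if proto not in PROTOCOLS:
        findings.append(f"protocol '{proto}' is not CHAP, PAP or PEAP")
    try:
        is_ipv6 = ipaddress.ip_address(host).version == 6
    except ValueError:
        is_ipv6 = False                              # host name: DNS must be configured first
    if proto == "peap" and is_ipv6:
        findings.append("PEAP is not supported with an IPv6 host")
    key = opts.get("key")
    if key is None:
        findings.append("no key configured: authentication session will not be encrypted")
    elif key == DEFAULT_KEY:
        findings.append("key is the documented default 'sharedsecret'")
    elif " " in key or not 8 <= len(key) <= 40:
        findings.append("key must be 8-40 characters with no spaces")
    for name, (lo, hi) in RANGES.items():
        value = opts.get(name)
        if value is not None and not (value.isdigit() and lo <= int(value) <= hi):
            findings.append(f"{name} '{value}' is outside {lo}-{hi}")
    level = opts.get("encryption-level", "7")        # 7 (encrypted) is the default
    if level not in ("0", "7"):
        findings.append(f"encryption-level '{level}' must be 0 or 7")
    elif level == "0":
        findings.append("encryption-level 0 stores the key in clear text")
    return findings

if __name__ == "__main__":
    # First line is the command from step 2; the second is a constructed sample.
    for cmd in ('switch(config)# radius-server host 10.38.37.180 protocol pap key "new#virgo*secret" timeout 10',
                "radius-server host 2001:db8::10 protocol peap key sharedsecret encryption-level 0"):
        print(cmd, "->", audit_radius_line(cmd) or "ok")
```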


Network OS Administrator’s Guide

53-1003225-04