Local radius server introduction, Enable the local radius server – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Local RADIUS Server Introduction and Configuration

Software Reference for x310 Series Switches

50.2

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Local RADIUS Server Introduction

Local RADIUS Server provides a user authentication service feature. This feature must be
enabled on the switch, because it is disabled by default. For details of commands used to
configure the local RADIUS server, see

Chapter 51, Local RADIUS Server Commands

.

Enable the Local RADIUS Server

The Local RADIUS Server is disabled by default. Enter the following commands to enable
the Local RADIUS Server:

This will automatically initialize the internal Certificate Authority (CA) in the switch. It will
also automatically create a server certificate and enroll the certificate with the Local CA by
implicitly executing the following commands:

The crypto pki trustpoint local command declares the Local CA as the CA from which to
obtain Certificates. The Local CA has be defined first so Certificates can be obtained from
it. The crypto pki enroll local command obtains the system certificate from the Local CA.

The switch is automatically added to the list of authenticators that may send
authentication requests to the Local RADIUS Server by implicitly executing the following
commands:

awplus#

configure terminal

awplus(config)#

radius-server local

awplus(config-radsrv)#

server enable

awplus(config)#

crypto pki trustpoint local

awplus(config)#

crypto pki enroll local

awplus#

configure terminal

awplus(config)#

radius-server local

awplus(config-radsrv)#

nas 127.0.0.1 key awplus-local-radius-
server

Note

The key awplus-local-radius-server is a pre-defined component that can be
used for internal exchanges between the switch’s RADIUS client and its RADIUS
server.