Reset Search
 

 

Article

How to configure RADIUS on SecureStacks for switch user login

« Go Back

Information

 
TitleHow to configure RADIUS on SecureStacks for switch user login
Objective
How to configure RADIUS on SecureStacks for switch user login
Environment
  • SecureStack
  • B5-Series
  • C5-Series
  • C3-Series
  • B3-Series
  • All Firmware version on the B5/C5 Series
  • 6.61.14.0006 or greater on the B3/C3 Series
Procedure
Here's an example RADIUS configuration used for switch management:
set radius server 1 192.168.0.2 1812 <SHARED_SECRET> realm management-access
set radius server 2 192.168.0.3 1812 <SHARED_SECRET> realm management-access
set radius enable
  • By default, RADIUS login to the switch tries 3 times with 20-second timeout periods per attempt. These can be changed if desired:
set radius timeout <SECONDS>
set radius retries <NUMBER_OF_RETRIES>
  • If the RADIUS Server is responding with any type of response, such as access-reject, the switch will not fail over to the local user account on the switch as the session has been sent a rejection.
  • To allow a user session to not use RADIUS (and instead local database), you can configure the "local-only" option under the system account:
set system login <USERNAME> super-user enable local-only yes
  • If during RADIUS configuration attempts you get locked out of the switch, you will need the local user account credentials and disconnect the path from the switch to the RADIUS Server so the access reject cannot be sent
  • If there is zero response from RADIUS server during a login attempt, the login will fail back to local user accounts configured
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255