Reset Search



How to configure RADIUS on SecureStacks for switch user login

« Go Back


TitleHow to configure RADIUS on SecureStacks for switch user login
How to configure RADIUS on SecureStacks for switch user login
  • SecureStack
  • B5-Series
  • C5-Series
  • C3-Series
  • B3-Series
  • All Firmware version on the B5/C5 Series
  • or greater on the B3/C3 Series
Here's an example RADIUS configuration used for switch management:
set radius server 1 1812 <SHARED_SECRET> realm management-access
set radius server 2 1812 <SHARED_SECRET> realm management-access
set radius enable
  • By default, RADIUS login to the switch tries 3 times with 20-second timeout periods per attempt. These can be changed if desired:
set radius timeout <SECONDS>
set radius retries <NUMBER_OF_RETRIES>
  • If the RADIUS Server is responding with any type of response, such as access-reject, the switch will not fail over to the local user account on the switch as the session has been sent a rejection.
  • To allow a user session to not use RADIUS (and instead local database), you can configure the "local-only" option under the system account:
set system login <USERNAME> super-user enable local-only yes
  • If during RADIUS configuration attempts you get locked out of the switch, you will need the local user account credentials and disconnect the path from the switch to the RADIUS Server so the access reject cannot be sent
  • If there is zero response from RADIUS server during a login attempt, the login will fail back to local user accounts configured
Additional notes
The policy on the RADIUS server must be configured to send back a filter-ID with the accept packet. See below for syntax and options.
Filter ID:
access-mgmtTypes supported are: ro (read-only), rw (read-write), and su (super-user).



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255