DXS-3600-32S CLI Reference Guide



DXS-3600-32S 10GbE Layer 2/3 Switch CLI Reference Guide

RADIUS Commands

45-1 radius-server host

This command is used to specify a RADIUS security server host. The no form of this command without parameters is used to delete the RADIUS server host. The no form of this command with a parameter is used to restore the specified parameter to its default value.

radius-server host ip-address [auth-port port-number] [acct-port port-number] [retransmit retries] [timeout seconds] [key text-string]

no radius-server host ip-address [auth-port | acct-port | retransmit | timeout | key]

Parameters

ip-address: Specifies the IP address of the RADIUS security server host.

auth-port: Specifies the UDP port used for RADIUS authentication. If not specified, the port number defaults to 1812.

port-number: Specifies the number of the UDP port used for RADIUS authentication. The range is 1 to 65535.

acct-port: Specifies the UDP port used for RADIUS accounting. If not specified, the port number defaults to 1813.

port-number: Specifies the number of the UDP port used for RADIUS accounting. The range is 1 to 65535.

key: Specifies the shared password for the network access server (device) to communicate with the RADIUS security server.

text-string: Specifies the text of the shared password. The maximum length of the key is 32.

retransmit: Specifies the number of packet retransmissions before the device considers that the RADIUS security server does not respond.

retries: Specifies the number of retransmissions in the range 1 to 100.

timeout: Specifies to set the time for the device to wait for a response from the security server after retransmitting the RADIUS packet.

seconds: Specifies the timeout in the range 1 to 1000 seconds.

Default

No RADIUS host is specified.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 15

Usage Guideline

In order to implement the AAA security service using RADIUS, you must define a RADIUS security server. You can define one or more RADIUS security servers using the radius-server command.

Example

This example shows how to define a RADIUS security server host.

DXS-3600-32S#configure terminal

DXS-3600-32S(config)#radius-server host 192.168.12.1

DXS-3600-32S(config)#

45-2 radius-server key

This command is used to define a shared password for the network access server (device) to communicate with the RADIUS security server. The no form of this command is used to remove the shared password.

radius-server key text-string

no radius-server key

Parameters

text-string: Specifies the text of the shared password. The maximum length of the key is 32.

Default

No shared password is specified.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 15

Usage Guideline

A shared password is the basis for communications between the device and the RADIUS security server. In order to allow the device to communicate with the RADIUS security server, you must define the same shared password on the device and the RADIUS security server.

Example

This example shows how to define the shared password aaa for the RADIUS security server.

DXS-3600-32S#configure terminal

DXS-3600-32S(config)#radius-server key aaa

DXS-3600-32S(config)#

45-3 radius-server retransmit

This command is used to configure the number of packet retransmissions before the device considers that the RADIUS security server does not respond. The no form of this command is used to restore it to the default setting.

radius-server retransmit retries

no radius-server retransmit

Parameters

retries: Specifies the number of retransmissions in the range 1 to 100.

Default

The default number of retransmissions is 3.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 15

Usage Guideline

AAA uses the next method to authenticate users only when the current security server for authentication does not respond. The device considers that the security server does not respond once it has retransmitted the RADIUS packet the specified number of times, with the timeout as the interval between every two retries.

Example

This example shows how to set the number of retransmissions to 4.

DXS-3600-32S#configure terminal

DXS-3600-32S(config)#radius-server retransmit 4

DXS-3600-32S(config)#

45-4 radius-server timeout

This command is used to set the time for the device to wait for a response from the security server after retransmitting the RADIUS packet. The no form of this command is used to restore it to the default setting.

radius-server timeout seconds

no radius-server timeout

Parameters

seconds: Specifies the timeout value in the range of 1 to 1000 seconds.

Default

5 seconds.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 15

Usage Guideline

Use this command to change the timeout of packet retransmission.

Example

This example shows how to set the timeout to 10 seconds.

DXS-3600-32S#configure terminal

DXS-3600-32S(config)#radius-server timeout 10

DXS-3600-32S(config)#
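The four commands above can be checked before they are pushed to a switch. The following Python linter is an added example, not part of the D-Link guide: it validates values against the ranges and defaults documented on this page and resolves the effective settings per host. It assumes that per-host options take precedence over the global commands and that keys contain no spaces; the 16-character minimum is an assumed local policy, and the second host and its key are constructed sample data.

```python
# Defaults and ranges as documented on this page.
DEFAULTS = {"auth-port": 1812, "acct-port": 1813, "retransmit": 3, "timeout": 5}
RANGES = {"auth-port": (1, 65535), "acct-port": (1, 65535),
          "retransmit": (1, 100), "timeout": (1, 1000)}
MAX_KEY_LEN = 32  # documented maximum key length
MIN_KEY_LEN = 16  # assumption: local policy floor, not a device limit

# Constructed sample: the page's example commands plus one host with overrides.
SAMPLE = """\
radius-server host 192.168.12.1
radius-server key aaa
radius-server retransmit 4
radius-server timeout 10
radius-server host 192.168.12.2 auth-port 70000 timeout 3 key Xq7-constructed-secret-01
"""


def audit(config_text):
    """Return (effective settings per host, findings); keys are never echoed."""
    glob, hosts, findings = dict(DEFAULTS, key=None), {}, []
    for tok in map(str.split, config_text.splitlines()):
        if len(tok) < 3 or tok[0] != "radius-server":
            continue
        if tok[1] == "host":  # keyword/value pairs follow the IP address
            hosts[tok[2]] = dict(zip(tok[3::2], tok[4::2]))
        elif tok[1] in ("key", "retransmit", "timeout"):
            glob[tok[1]] = tok[2]
    effective = {}
    for ip, opts in hosts.items():
        eff = {name: opts.get(name, glob[name]) for name in glob}
        for name, (lo, hi) in RANGES.items():
            value = str(eff[name])
            if value.isdigit() and lo <= int(value) <= hi:
                eff[name] = int(value)
            else:
                findings.append(f"{ip}: {name} {value} outside {lo}-{hi}")
        key = eff["key"]
        if key is None:
            findings.append(f"{ip}: no shared key (host or global)")
        elif not MIN_KEY_LEN <= len(key) <= MAX_KEY_LEN:
            findings.append(f"{ip}: key length {len(key)} outside "
                            f"{MIN_KEY_LEN}-{MAX_KEY_LEN}")
        effective[ip] = eff
    return effective, findings


if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

On the sample, the page's example key aaa is flagged as too short and the constructed auth-port 70000 as out of range.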

45-5 show radius statistics

This command is used to display the RADIUS statistics for accounting and authentication packets.

show radius statistics

Parameters

None.

Default

None.

Command Mode

Privileged EXEC Mode.

Command Default Level

Level: 15

Usage Guideline

Use this command to show all RADIUS statistics.

Example

This example shows the output for the show radius statistics command.

DXS-3600-32S#show radius statistics

RADIUS Server: 192.168.12.1: Auth-Port 1812, Acct-Port 1813
                         Auth.      Acct.
Round Trip Time:         0          0
Access Requests:         0          NA
Access Accepts:          0          NA
Access Rejects:          0          NA
Access Challenges:       0          NA
Acct Request:            NA         0
Acct Response:           NA         0
Retransmissions:         0          0
Malformed Responses:     0          0
Bad Authenticators:      0          0
Pending Requests:        0          0
Timeouts:                0          0
Unknown Types:           0          0
Packets Dropped:         0          0

DXS-3600-32S#

Display Parameters

Auth.: Statistics for authentication packets.

Acct.: Statistics for accounting packets.

Round Trip Time: The time interval (in hundredths of a second) between the most recent Response and the Request that matched it from this RADIUS server.

Access Requests: The number of RADIUS Access-Request packets sent to this server. This does not include retransmissions.

Access Accepts: The number of RADIUS Access-Accept packets (valid or invalid) received from this server.

Access Rejects: The number of RADIUS Access-Reject packets (valid or invalid) received from this server.

Access Challenges: The number of RADIUS Access-Challenge packets (valid or invalid) received from this server.

Acct Request: The number of RADIUS Accounting-Request packets sent. This does not include retransmissions.

Acct Response: The number of RADIUS packets received on the accounting port from this server.

Retransmissions: The number of RADIUS Request packets retransmitted to this RADIUS server. Retransmissions include retries where the Identifier and Acct-Delay have been updated, as well as those in which they remain the same.

Malformed Responses: The number of malformed RADIUS Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or unknown types are not included as malformed responses.

Bad Authenticators: The number of RADIUS Response packets containing invalid authenticators or Signature attributes received from this server.

Pending Requests: The number of RADIUS Request packets destined for this server that have not yet timed out or received a response. This variable is incremented when a Request is sent and decremented due to receipt of a Response, a timeout or retransmission.

Timeouts: The number of timeouts to this server. After a timeout the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout.

Unknown Types: The number of RADIUS packets of unknown type which were received from this server.

Packets Dropped: The number of RADIUS packets which were received from this server and dropped for some other reason.
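The counters described above can be reviewed automatically. The following Python sketch is an added example, not part of the D-Link guide: it parses output in the layout shown for show radius statistics and flags the counters that matter for security and availability. The non-zero counter values in the sample are constructed, and the 10% timeout ratio is an assumed alert threshold.

```python
import re

# Constructed sample in the layout of the page's example output; the non-zero
# counter values are invented for illustration.
SAMPLE = """\
RADIUS Server: 192.168.12.1: Auth-Port 1812, Acct-Port 1813
                      Auth.  Acct.
Round Trip Time:      12     0
Access Requests:      200    NA
Access Accepts:       150    NA
Access Rejects:       20     NA
Access Challenges:    0      NA
Acct Request:         NA     40
Acct Response:        NA     40
Retransmissions:      45     0
Malformed Responses:  0      0
Bad Authenticators:   3      0
Pending Requests:     0      0
Timeouts:             60     0
Unknown Types:        0      0
Packets Dropped:      0      0
"""
ROW = re.compile(r"^\s*([A-Za-z ]+):\s+(\d+|NA)\s+(\d+|NA)\s*$")


def parse_stats(text):
    """Map counter name -> (auth, acct); NA becomes None."""
    return {m[1]: tuple(None if v == "NA" else int(v) for v in (m[2], m[3]))
            for m in map(ROW.match, text.splitlines()) if m}


def review(stats, timeout_ratio=0.10):  # ratio is an assumed alert threshold
    findings = []
    sent = {"auth": stats["Access Requests"][0], "acct": stats["Acct Request"][1]}
    for col, side in enumerate(("auth", "acct")):
        if stats["Bad Authenticators"][col]:
            findings.append(f"{side}: responses failed authenticator check; "
                            "verify the shared key and the responding host")
        if stats["Malformed Responses"][col] or stats["Unknown Types"][col]:
            findings.append(f"{side}: malformed or unknown-type packets received")
        if sent[side] and stats["Timeouts"][col] / sent[side] > timeout_ratio:
            findings.append(f"{side}: timeouts exceed {timeout_ratio:.0%} of requests")
    return findings


if __name__ == "__main__":
    print(*review(parse_stats(SAMPLE)), sep="\n")
```

A non-zero Bad Authenticators count means responses did not verify against the configured shared password, which is why it is reported regardless of volume.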

45-6 show radius-server configuration

This command is used to display the RADIUS authentication & accounting server configuration.

show radius-server configuration

Parameters

None.

Default

None.

Command Mode

Privileged EXEC Mode.

Command Default Level

Level: 15

Usage Guideline

Use this command to show all RADIUS authentication & accounting server hosts.

Example

This example shows the output of the show radius-server configuration command.

DXS-3600-32S#show radius-server configuration

IP-Address       Auth-Port  Acct-Port  Key        Retransmit  Timeout
-----------------------------------------------------------------------------
192.168.12.1     1812       1813

Default Key:aaa
Default Retransmit:4
Default Timeout:10

1 RADIUS server(s) in total

DXS-3600-32S#

Display Parameters

IP-Address: IP address of the RADIUS security server host.

Auth-Port: UDP port used for RADIUS authentication.

Acct-Port: UDP port used for RADIUS accounting.

Key: A shared password for the network access server (device) to communicate with the RADIUS security server.

Retransmit: The number of packet retransmissions before the device considers that the RADIUS security server does not respond.

Timeout: Set the time for the device to wait for a response from the security server after retransmitting the RADIUS packet. The unit is seconds.

Default Key: A default shared password for the network access server (device) to communicate with the RADIUS security server.

Default Retransmit: The default number of packet retransmissions before the device considers that the RADIUS security server does not respond.

Default Timeout: The default time for the device to wait for a response from the security server after retransmitting the RADIUS packet.
