Define the Security Server—RADIUS

Sep 17,2009 by alperen

To specify a RADIUS server host, use the radius-server host global configuration command. Use the no form of this command to delete the specified RADIUS host. The syntax is

Rtr1(config)#radius-server host {hostname | ip-address} [auth-port port-num]
 [acct-port port-num] [timeout seconds] [retransmit retries] [key string]
 [alias {hostname | ip-address}]
Rtr1(config)#no radius-server host {hostname | ip-address} [auth-port port-num]
 [acct-port port-num] [timeout seconds] [retransmit retries] [key string]

hostname

DNS name of the RADIUS server.

ip-address

IP address of the RADIUS server.

auth-port port-num

(Optional) Specifies the UDP destination port for authentication requests. If set to 0, the host isn’t used for authentication.

acct-port port-num

(Optional) Specifies the UDP destination port for accounting requests. If set to 0, the host isn’t used for accounting.

The following example defines port 12 as the destination port for authentication requests and port 16 as the destination port for accounting requests on the RADIUS host 192.168.1.4. Because entering a line resets all the port numbers, you must specify the host and configure both the accounting and authentication ports on a single line.

Rtr1(config)#aaa new-model 
Rtr1(config)#radius-server host 192.168.1.4 auth-port 12 acct-port 16

To use separate servers for accounting and authentication, set the port you don’t want a server to handle to zero. The following example specifies that RADIUS server 192.168.1.4 is used for accounting, but not for authentication, and that RADIUS server host1 is used for authentication, but not for accounting:

Rtr1(config)#aaa new-model 
Rtr1(config)#radius-server host 192.168.1.4 auth-port 0
Rtr1(config)#radius-server host host1.domain.com acct-port 0

Define RADIUS Server Key Option

The global authentication encryption key is set with the global configuration command radius-server key. This key value must match the key value configured on the RADIUS server, if one is used. Use the no form of this command to disable the key. The syntax is

Rtr1(config)#radius-server key string
Rtr1(config)#no radius-server key [string]

string

Any leading spaces are ignored, but spaces within and at the end of the key are not. Don’t enclose the key in quotation marks unless they’re part of the key.

The following example specifies a global timeout of seven seconds, a global key of cisco-key, and then three RADIUS servers. The first server, rad-serv1, is the one all requests are sent to first. If those requests aren’t answered before the timeout timer expires (seven seconds), the next two servers are tried in order. The global timeout and key settings apply only to the first two servers because the third one has overriding options defined.

Rtr1(config)#aaa new-model 
Rtr1(config)#radius-server timeout 7
Rtr1(config)#radius-server key cisco-key
Rtr1(config)#radius-server host rad-serv1
Rtr1(config)#radius-server host 192.168.1.4
Rtr1(config)#radius-server host 192.168.6.4 timeout 3 key cisco9
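
When auditing a saved configuration, it helps to see which key, timeout, and ports each server actually ends up with. The following Python example is added here and is not part of the original article or any Cisco tool: it resolves per-host settings from radius-server lines using the rules described above (per-host options override the global commands, port 0 disables a function, and the key runs to the end of the line). The function name effective_radius and the default values 1645, 1646, and 5 seconds are assumptions not stated on the page.

```python
import re

# Assumed classic IOS defaults; these values are not stated on the page.
DEFAULTS = {"auth-port": 1645, "acct-port": 1646, "timeout": 5}

# Constructed sample that merges the example configurations on this page.
SAMPLE = """\
radius-server timeout 7
radius-server key cisco-key
radius-server host rad-serv1
radius-server host 192.168.1.4 auth-port 0
radius-server host 192.168.6.4 timeout 3 key cisco9
"""

def effective_radius(config):
    """Resolve each host's settings: host option > global command > default."""
    glob, hosts = dict(DEFAULTS, key=None), []
    for raw in config.splitlines():
        line = re.sub(r"^\S*\(config\)#", "", raw).lstrip()  # drop pasted prompt
        if not line.startswith("radius-server "):
            continue
        rest = line[len("radius-server "):]
        if rest.startswith("key "):
            glob["key"] = rest[4:].lstrip(" ")  # leading spaces ignored
        elif rest.startswith("timeout "):
            glob["timeout"] = int(rest.split()[1])
        elif rest.startswith("host "):
            # The key runs to end of line, so inner/trailing spaces are kept.
            head, sep, key = rest.partition(" key ")
            words = head.split()
            opts = dict(zip(words[2::2], words[3::2]))
            hosts.append((words[1], opts, key.lstrip(" ") if sep else None))
    out = {}
    for name, opts, key in hosts:  # a later line for a host replaces the earlier
        auth = int(opts.get("auth-port", glob["auth-port"]))
        acct = int(opts.get("acct-port", glob["acct-port"]))
        out[name] = {
            "auth": auth or None,  # port 0: not used for authentication
            "acct": acct or None,  # port 0: not used for accounting
            "timeout": int(opts.get("timeout", glob["timeout"])),
            "key": key if key is not None else glob["key"],
            "key_source": "host" if key is not None
                          else "global" if glob["key"] else "none",
        }
    return out

if __name__ == "__main__":
    for host, cfg in effective_radius(SAMPLE).items():
        print(host, {k: v for k, v in cfg.items() if k != "key"})
```

Hosts whose key_source is "global" share one secret, so a change to radius-server key affects all of them at once.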
