RADIUS Client

Remote Authorization Dial-In User Service (RADIUS) servers provide centralized 802.1X or MAC-based network access control. The device can be configured as a RADIUS client that uses a RADIUS server to provide centralized security, and as a RADIUS server. An organization can use the device to establish a RADIUS server that provides centralized 802.1X or MAC-based network access control for all of its devices. In this way, authentication and authorization can be handled on a single server for all devices in the organization.

Use RADIUS in network environments that require access security. To set the RADIUS server parameters, follow these steps:

Procedure


Step 1

Click Security > RADIUS Client.

Step 2

Enter the default RADIUS parameters if required. Values entered in the Default Parameters are applied to all servers. If a value is not entered for a specific server (in the Add RADIUS Server page) the device uses the values in these fields.

  • Retries—Enter the number of transmitted requests that are sent to the RADIUS server before a failure is considered to have occurred.

  • Timeout for Reply—Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.

  • Key String—Enter the default key string used for authenticating and encrypting between the device and the RADIUS server. This key must match the key configured on the RADIUS server. A key string is used to encrypt communications by using MD5. The key can be entered in Encrypted or Plaintext form. If you do not have an encrypted key string (from another device), enter the key string in plaintext mode and click Apply. The encrypted key string is generated and displayed.

Step 3

Click Apply. The RADIUS default settings for the device are updated in the Running Configuration file.

Step 4

To add a RADIUS server, click Add.

Step 5

Enter the values in the fields for each RADIUS server. To use the default values entered in the RADIUS page, select Use Default.

  • Server Definition—Select whether to specify the RADIUS server by IP address or name.

  • IP Version—Select the version of the IP address of the RADIUS server.

  • Server IP Address/Name—Enter the RADIUS server by IP address or name.

  • Priority—Enter the priority of the server. The priority determines the order in which the device attempts to contact the servers to authenticate a user. The device starts with the highest priority RADIUS server. Zero is the highest priority.

  • Key String—Enter the key string used for authenticating and encrypting communication between the device and the RADIUS server. This key must match the key configured on the RADIUS server. It can be entered in Encrypted or Plaintext format. If Use Default is selected, the device attempts to authenticate to the RADIUS server by using the default Key String.

  • Timeout for Reply—Select User Defined and enter the number of seconds the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server if the maximum number of retries has been made. If Use Default is selected, the device uses the default timeout value.

  • Authentication Port—Enter the UDP port number of the RADIUS server port for authentication requests.

  • Retries—Select User Defined and enter the number of requests that are sent to the RADIUS server before a failure is considered to have occurred. If Use Default is selected, the device uses the default value for the number of retries.

  • Usage Type—Enter the RADIUS server authentication type. The options are:

    • Login—RADIUS server is used for authenticating users that ask to administer the device.

    • 802.1x—RADIUS server is used for 802.1x authentication.

    • All—RADIUS server is used for authenticating users that ask to administer the device and for 802.1X authentication.

Step 6

Click Apply. The RADIUS server definition is added to the Running Configuration file of the device.

Step 7

To display sensitive data in plaintext form on the page, click Display Sensitive Data As Plaintext.