radius-server host
Adds a RADIUS server to the set of servers used for authentication.
Syntax
[no] radius-server host {<ip-address> | <hostname>} [auth-port <port>] [auth-type <type>] [timeout <seconds>] [retransmit <retries>] [key <string>]
Parameters
<ip-address> | RADIUS server IP address. |
<hostname> | RADIUS server hostname. |
auth-port <port> | Specifies the authentication port number to use with this RADIUS server. The default value is 1812. |
auth-type <type> | Specifies the authentication type to use with this RADIUS server. • chap - Specifies Challenge Handshake Authentication Protocol (CHAP), which provides better security than PAP. • pap - Specifies Password Authentication Protocol (PAP). |
timeout <seconds> | Specifies the time-out period to use with this RADIUS server. |
retransmit <retries> | Specifies the number of times the client attempts to authenticate with any RADIUS server. The default value is 1. The range is from 0 to 5. To disable retransmissions, set it to 0. |
key <string> | Specifies the shared secret text string used to communicate with this RADIUS server. • 0 - Specifies the shared secret to use with this RADIUS server. • 7 - Specifies the RADIUS key with an encrypted string. |
Usage
RADIUS servers are tried in the order they are configured.
The same IP address can be used in more than one radius-server host command if the auth-port value is different for each. The auth-port value is a UDP port number. The auth-port value must be specified immediately after the host <ip-address> option (if present).
PAP authentication validates users before allowing them access to the RADIUS server resources. PAP is the most flexible protocol but is less secure than CHAP.
CHAP authentication validates the identity of remote clients by periodically verifying the identity of the client using a three-way handshake. This happens at the time of establishing the initial link and might happen again at any time afterwards. CHAP bases verification on a user password and transmits an MD5 sum of the password from the client to the server.
Some parameters override the RADIUS server global defaults. For details, see the SteelHead Deployment Guide.
The no command option stops sending RADIUS authentication requests to the host.
If no radius-server host <ip-address> is specified, all radius configurations for the host are deleted.
The no radius-server host <ip-address> auth-port <port> command can be specified to refine which host is deleted, as the previous command deletes all RADIUS servers with the specified IP address.
Example
amnesiac (config) # radius-server host 10.0.0.1 timeout 10 key XXXX retransmit 3
Product
SCC, Interceptor, Mobile Controller, SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands