Example: Configuring the switch for Remote AAA with RADIUS

Prerequisites
Procedure
  1. Configure the global RADIUS passkey (shared secret) as "xjkW74932qX3j_$"
    switch(config)# radius-server key plaintext xjkW74932qX3j_$
    switch(config)#
  2. Add these configuration details for two remote RADIUS servers.
    • Server 1 with IPv4 address 10.0.0.2, on the management interface (belonging to VRF “mgmt”), using the default PAP protocol.

    • Server 2 with IPv4 address 4.0.0.2, on the data interface (belonging to VRF “default”), using the CHAP protocol.

    switch(config)# radius-server host 10.0.0.2 vrf mgmt
    switch(config)# radius-server host 4.0.0.2 auth-type chap
    switch(config)#
  3. Create a RADIUS group named rad_grp1, assign RADIUS server 10.0.0.2 to the group, and show the group information.
    NOTE:

    The default RADIUS group named radius includes every RADIUS server regardless of whether any RADIUS servers are also assigned to a user-defined RADIUS group.

    switch(config)# aaa group server radius rad_grp1
    switch(config-sg)# server 10.0.0.2 vrf mgmt
    switch(config-sg)# exit
    switch(config)#
    switch(config)# do show aaa server-groups radius
    ******* AAA Mechanism RADIUS *******
    --------------------------------------------------------------------------------
    GROUP NAME       | SERVER NAME | PORT | VRF     | PRIORITY
    --------------------------------------------------------------------------------
    rad_grp1         | 10.0.0.2    | 1812 | mgmt    | 1
    --------------------------------------------------------------------------------
    radius (default) | 10.0.0.2    | 1812 | mgmt    | 1
    radius (default) | 4.0.0.2     | 1812 | default | 2
    --------------------------------------------------------------------------------
    switch(config)#
  4. Define the authentication sequence list so that the new RADIUS group is first, the default RADIUS group is second, and local is third. Show the authentication sequence.
    switch(config)# aaa authentication login default group rad_grp1 radius local
    switch(config)#
    switch(config)# do show aaa authentication
    AAA Authentication:
      Fail-through                  : Disabled
      Limit Login Attempts          : Not set
      Lockout Time                  : 300
      Minimum Password Length       : Not set

    Default Authentication for All Channels:
    ---------------------------------------------------------------------------------
    GROUP NAME | GROUP PRIORITY
    ---------------------------------------------------------------------------------
    rad_grp1   | 0
    radius     | 1
    local      | 2
    ---------------------------------------------------------------------------------
    switch(config)#
  5. Define the accounting sequence list with two RADIUS server groups. Show the accounting sequence.
    switch(config)# aaa accounting all default start-stop group rad_grp1 radius
    switch(config)#
    switch(config)# do show aaa accounting
    AAA Accounting:
      Accounting Type               : all
      Accounting Mode               : start-stop

    Default Accounting for All Channels:
    ---------------------------------------------------------------------------------
    GROUP NAME | GROUP PRIORITY
    ---------------------------------------------------------------------------------
    rad_grp1   | 0
    radius     | 1
    ---------------------------------------------------------------------------------
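
A way to check the result of step 4 after the fact, as an added example (not part of the original procedure or of any vendor tooling): the Python script below parses captured "do show aaa authentication" output and compares the method order with the intended sequence. The function names, the rule that local must come last, and the reporting of "Not set" values are assumptions of this example.

```python
import re

# Output of "do show aaa authentication" from step 4 of this page,
# with the line layout reconstructed for this example.
SAMPLE = """\
AAA Authentication:
  Fail-through                  : Disabled
  Limit Login Attempts          : Not set
  Lockout Time                  : 300
  Minimum Password Length       : Not set

Default Authentication for All Channels:
---------------------------------------------------------------------------------
GROUP NAME | GROUP PRIORITY
---------------------------------------------------------------------------------
rad_grp1   | 0
radius     | 1
local      | 2
---------------------------------------------------------------------------------
"""

def parse_aaa_authentication(text):
    """Return (settings dict, group names ordered by priority)."""
    settings, groups = {}, []
    for line in text.splitlines():
        row = re.match(r"^\s*(\S+)\s*\|\s*(\d+)\s*$", line)   # "name | priority"
        if row:
            groups.append((int(row.group(2)), row.group(1)))
            continue
        kv = re.match(r"^\s*([^:|]+?)\s*:\s*(\S.*?)\s*$", line)  # "key : value"
        if kv:
            settings[kv.group(1)] = kv.group(2)
    return settings, [name for _, name in sorted(groups)]

def audit(text, expected_order):
    """Compare the parsed state with the intended sequence; return findings."""
    settings, order = parse_aaa_authentication(text)
    findings = []
    if order != expected_order:
        findings.append(f"sequence is {order}, expected {expected_order}")
    # Policy assumed by this example: local is only the final fallback.
    if not order or order[-1] != "local":
        findings.append("local is not the last method in the sequence")
    for key in ("Limit Login Attempts", "Minimum Password Length"):
        if settings.get(key, "Not set") == "Not set":
            findings.append(f"{key} is not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["rad_grp1", "radius", "local"]):
        print("FINDING:", finding)
```

Run against the output shown in step 4, the sequence matches and the only findings are the two settings that the switch reports as "Not set".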