Configuration Commands
107
Table 79 RADIUS Server Configuration commands
Command Description
no radius-server enable
Disables the RADIUS server. This is the default.
Command mode: Global configuration
show radius-server
Displays the current RADIUS server parameters.
Command mode: All
IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting
via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can
connect using noradius and the administrator password even if the backdoor or secure backdoor
(secbd) are disabled.
If Telnet backdoor is enabled, type in noradius as a backdoor to bypass RADIUS checking, and
use the administrator password to log into the switch. The switch allows this even if RADIUS servers
are available.
If secure backdoor is enabled, type in noradius as a backdoor to bypass RADIUS checking, and
use the administrator password to log into the switch. The switch allows this only if RADIUS servers
are not available.
TACACS+ server configuration
TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a
remote access server to forward a user's logon password to an authentication server to determine whether
access can be allowed to a given system. TACACS+ and Remote Authentication Dial-In User Service
(RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in
RFC 1492.
TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control Protocol
(TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication
and authorization in a user profile, whereas TACACS+ separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
• TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
• It supports full-packet encryption, as opposed to password-only in authentication requests.
• It supports decoupled authentication, authorization, and accounting.
The following table describes the TACACS+ Server Configuration commands.
Table 80 TACACS+ Server Configuration commands
Command Description
[no] tacacs-server primary-host <IP
address> key <1-32 characters>
Defines the primary TACACS+ server address and shared
secret between the switch and the TACACS+ server(s).
Command mode: Global configuration
[no] tacacs-server secondary-host <IP
address> key <1-32 characters>
Defines the secondary TACACS+ server address and shared
secret between the switch and the TACACS+ server(s).
Command mode: Global configuration
