5-14
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
this default behavior for clients with Enable (manager) access. That is, with
privilege-mode enabled, the switch immediately allows Enable (Manager)
access to a client for whom the RADIUS server specifies this access level.
3. Configure the Switch To Access a RADIUS Server
This section describes how to configure the switch to interact with a RADIUS
server for both authentication and accounting services.
Syntax: [no] aaa authentication login privilege-mode
When enabled, the switch reads the Service-Type field in the
client authentication received from a RADIUS server. The
following table describes the applicable Service-Type values
and corresponding client access levels the switch allows upon
authentication by the server.
Service-Type Value Client Access Level
Administrative-
User
6 Manager
NAS-Prompt-
User
7 Operator
Any Other Type Any Value Except
6 or 7
Access Denied
This feature applies to console (serial port), Telnet, SSH, and
web browser interface access to the switch. It does not apply
to 802.1X port-access.
Notes: While this option is enabled, a Service-Type value
other than 6 or 7, or an unconfigured (null) Service-Type
causes the switch to deny access to the requesting client.
The no form of the command returns the switch to the default
RADIUS authentication operation. The default behavior for
most interfaces is that a client authorized by the RADIUS
server for Enable (Manager) access will be prompted twice,
once for Login (Operator) access and once for Enable access.
In the default RADIUS authentication operation, the switch’s
web browser interface requires only one successful authenti-
cation request. For more information on configuring the
Service Type in your RADIUS application, refer to the docu-
mentation provided with the application.
