5-14
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
For example, suppose that your switch is configured to use three RADIUS
servers for authenticating access through Telnet and SSH. Two of these servers
use the same encryption key. In this case your plan is to configure the switch
with the following global authentication parameters:
■
Allow only two tries to correctly enter username and password.
■
Use the global encryption key to support the two servers that use the
same key. (For this example, assume that you did not configure these
two servers with a server-specific key.)
■
Use a dead-time of five minutes for a server that fails to respond to
an authentication request.
■
Allow three seconds for request timeouts.
■
Allow two retries following a request that did not receive a response.
Figure 5-5. Example of Global Configuration Exercise for RADIUS Authentication