Users Guide

Table Of Contents
radius-server host
Configures a RADIUS server and the key used to authenticate the switch on the server.
Syntax
radius-server host {hostname | ip-address} key {0 authentication-key | 9
authentication-key | authentication-key} [auth-port port-number]
Parameters
hostname Enter the host name of the RADIUS server.
ip-address Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
key 0 authentication-key Enter an authentication key in plain text. A maximum of 42
characters.
key 9 authentication-key Enter an authentication key in encrypted format. A maximum of
128 characters.
authentication-key Enter an authentication in plain text. A maximum of 42 characters. It is
not necessary to enter 0 before the key.
auth-port port-number (Optional) Enter the UDP port number used on the server for
authentication, from 1 to 65535, default 1812.
Default Not configured
Command Mode CONFIGURATION
Usage
Information
The authentication key must match the key configured on the RADIUS server. You cannot enter spaces in
the key. The show running-configuration output displays both unencrypted and encrypted keys
in encrypted format. Configure global settings for the timeout and retransmit attempts allowed on
RADIUS servers using the radius-server retransmit and radius-server timeout
commands.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S).
Also supported in SmartFabric mode starting in release 10.5.0.1.
The no version of this command removes a RADIUS server configuration.
Example
OS10(config)# radius-server host 1.5.6.4 key secret1
Supported
Releases
10.2.0E or later
radius-server host tls
Configures a RADIUS server for RADIUS over TLS user authentication and secure communication. For RADIUS over TLS
authentication, the radsec shared key and a security profile that uses an X.509v3 certificate are required.
Syntax
radius-server host {hostname | ip-address} tls security-profile profile-
name [auth-port tcp-port-number] key {0 authentication-key | 9
authentication-key | authentication-key}
Parameters
hostname Enter the host name of the RADIUS server.
ip-address Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
tls Enter tls to secure RADIUS server communication using the TLS protocol.
security-profile profile-name Enter the name of an X.509v3 security profile to use with
RADIUS over TLS authentication. To configure a security profile for an OS10 application, see Security
profiles.
auth-port tcp-port-number (Optional) Enter the TCP port number that the server uses for
authentication. The range is from 1 to 65535. The default is 2083.
key 0 authentication-key Enter the radsec shared key in plain text.
key 9 authentication-key Enter the radsec shared key in encrypted format.
authentication-key Enter the radsec shared key in plain text. It is not necessary to enter 0
before the key.
Default TCP port 2083 on a RADIUS server for RADIUS over TLS communication
Command Mode CONFIGURATION
Security 1135