Step 4

Apply the method lists to the interfaces. Use line and interface commands to apply the defined method lists to various interfaces.

If needed, you can configure authorization using the aaa authorization command to NAS. Similarly, you can configure accounting using the aaa accounting command to enable accounting for RADIUS connections.

To configure RADIUS to use the AAA security commands, you must specify the host running the RADIUS server and a secret text string that it shares with the access server. To specify a RADIUS server host and shared secret text string, use the following commands in global configuration mode:

radius-server host {hostname | ip-address} [auth-port port-number]

[acct-port port-number] [timeout seconds] [retransmit retries] [key string] [alias {hostname | ip-address}]

Table 8-3 shows the radius-server host command parameters and their description. hostname | ip-address

Name or IP address of the RADIUS server host. auth-port port-number

(Optional) Specifies the UDP destination port for authentication requests. The default port number is

1645.

acct-port port-number

(Optional) Specifies the UDP destination port for accounting requests. The default port number is

1646.

timeout seconds

(Optional) The time interval (in seconds) that the router waits for the RADIUS server to reply before retransmitting. This setting overrides the global value of the radius-server timeout command. If no timeout value is specified, the global value is used. Enter a value in the range from 1 to 1000.

retransmit retries

(Optional) The number of times a RADIUS request is re-sent to a server if that server is not responding or responding slowly. This setting overrides the global setting of the radius-server retransmit command.

key string

(Optional) Specifies the authentication and encryption key used between the router and the RADIUS daemon running on this RADIUS server. This key overrides the global setting of the radius-server key command. If no key string is specified, the global value is used.

The key is a text string that must match the encryption key used on the RADIUS server.

0 0

Post a comment