|
|
This chapter describes the function and displays the syntax for RADIUS commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Security Command Reference.
To force RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets, use the ip radius source-interface global configuration command.
ip radius source-interface subinterface-name| subinterface-name | Name of the interface that RADIUS uses for all of its outgoing packets. |
To have the Cisco router or access server query the vendor-proprietary RADIUS server for the static routes and IP pool definitions used throughout its domain when the device starts up, use the radius-server configure-nas global configuration command.
radius-server configure-nasTo improve RADIUS response times when some servers might be unavailable, use the radius-server dead-time global configuration command to cause the unavailable servers to be skipped immediately. Use the no form of this command to set dead-time to 0.
radius-server dead-time minutes| minutes | Length of time a RADIUS server is skipped over by transaction requests, up to a maximum of 1440 minutes (24 hours). |
To specify a RADIUS server host, use the radius-server host global configuration command. Use the no form of this command to delete the specified RADIUS host.
radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number]| hostname | DNS name of the RADIUS server host. |
| ip-address | IP address of the RADIUS server host. |
| auth-port | (Optional) Specifies the UDP destination port for authentication requests. |
| port-number | (Optional) Port number for authentication requests; the host is not used for authentication if set to 0. |
| acct-port | (Optional) Specifies the UDP destination port for accounting requests. |
| port-number | (Optional) Port number for accounting requests; the host is not used for accounting if set to 0. |
To identify that the security server is using a vendor-proprietary implementation of RADIUS, use the radius-server host non-standard global configuration command. This command tells the Cisco IOS software to support non-standard RADIUS attributes. Use the no form of this command to delete the specified vendor-proprietary RADIUS host.
radius-server host {hostname | ip-address} non-standard| hostname | DNS name of the RADIUS server host. |
| ip-address | IP address of the RADIUS server host. |
To set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key global configuration command. Use the no form of this command to disable the key.
radius-server key {string}| string | The key used to set authentication and encryption. This key must match the encryption used on the RADIUS daemon. |
To specify the number of times the Cisco IOS software searches the list of RADIUS server hosts before giving up, use the radius-server retransmit global configuration command. Use the no form of this command to disable retransmission.
radius-server retransmit retries| retries | Maximum number of retransmission attempts. The default is 3 attempts. |
To set the interval a router waits for a server host to reply, use the radius-server timeout global configuration command. Use the no form of this command to restore the default.
radius-server timeout seconds| seconds | Number that specifies the timeout interval in seconds. The default is 5 seconds. |
|
|