Configuration Guide Vol. 1


10.2.6 Connecting with RADIUS/TACACS+

<Structure of this section>

(1) Connecting to RADIUS Servers

(a) Identifying the Switch on RADIUS Servers

The RADIUS protocol specifies that the source IP address of the request packet is used as the key for identifying the NAS. The Switch uses one of the following addresses as the source IP address of a request packet:

  • If a local address is set by the interface loopback 0 configuration command, the local address is used as the source IP address.

  • If a local address is not set, the IP address of the sending interface is used.

Therefore, if the local address is set, that IP address is the one that must be registered for the Switch on the RADIUS server. Setting the local address lets the RADIUS server reliably match the Switch against its registered information even when the interface that will be used to reach the RADIUS server cannot be determined in advance.

(b) RADIUS server messages

In some cases, the RADIUS server attaches a Reply-Message attribute to a response and sends a message to the requestor. The Switch outputs the contents of the Reply-Message attribute to an operation log. If authentication by the RADIUS server fails, check this operation log.
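As an added illustration (not code from this guide or from the Switch's software), the following Python parses a RADIUS response according to the RFC 2865 packet layout and extracts the Reply-Message attributes (type 18) that the Switch would write to its operation log; the Access-Reject packet it inspects is constructed inline.

```python
import struct

REPLY_MESSAGE = 18  # RFC 2865 attribute type for Reply-Message
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius(packet: bytes) -> dict:
    """Parse the 20-byte RADIUS header and the attribute TLV list that follows it."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    # The Length field must cover the header and must not exceed the bytes received.
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    authenticator = packet[4:20]
    attrs = []
    pos = 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        # Attribute Length includes its own Type and Length octets, so it is at least 2.
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, code), "id": ident, "authenticator": authenticator, "attrs": attrs}

def reply_messages(packet: bytes) -> list[str]:
    """Collect every Reply-Message attribute; a server may attach several to one response."""
    return [v.decode("utf-8", "replace") for t, v in parse_radius(packet)["attrs"] if t == REPLY_MESSAGE]

def is_well_formed(packet: bytes) -> bool:
    """True when the packet passes the length checks above (a truncated response does not)."""
    try:
        parse_radius(packet)
        return True
    except ValueError:
        return False

def build_packet(code: int, ident: int, attrs: list, authenticator: bytes = bytes(16)) -> bytes:
    """Assemble a RADIUS packet from attributes; used here only to build the sample below."""
    body = b"".join(bytes([t, 2 + len(v)]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

# Constructed sample: an Access-Reject (code 3) carrying two Reply-Message attributes.
SAMPLE_REJECT = build_packet(3, 0x2A, [(18, b"Login incorrect"), (18, b"Contact the administrator")])

if __name__ == "__main__":
    for msg in reply_messages(SAMPLE_REJECT):
        print("Reply-Message:", msg)
```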

(c) RADIUS server port number

Port 1812 is assigned to the RADIUS authentication service in RFC 2865. Unless otherwise specified, the Switch uses port 1812 in requests sent to a RADIUS server. However, some RADIUS servers still use port 1645, which was used by early implementations. For a RADIUS server of this type, specify 1645 in the auth-port parameter of the radius-server host configuration command. Note that the auth-port parameter accepts any number from 1 to 65535, so a RADIUS server listening on any port number can be accommodated.

(2) Connecting to TACACS+ Servers

(a) Configuring TACACS+ Servers

  • Take care with the service and attribute name settings when connecting the Switch to a TACACS+ server. For information about the properties of TACACS+ servers, see 10.2.4 Command Authorization Using RADIUS/TACACS+/Local.

  • If a local address is set by the interface loopback 0 configuration command, the local address is used as the source IP address.