•
Create a method list with RADIUS and TACACS+ as authorization methods.
CONFIGURATION mode
aaa authorization exec {method-list-name | default} radius tacacs+
Typical order of methods: RADIUS, TACACS+, Local, None.
If RADIUS denies authorization, the session ends (RADIUS must not be the last method specified).
Applying the Method List to Terminal Lines
To enable RADIUS AAA login authentication for a method list, apply it to a terminal line.
To configure a terminal line for RADIUS authentication and authorization, use the following commands.
•
Enter LINE mode.
CONFIGURATION mode
line {aux 0 | console 0 | vty number [end-number]}
•
Enable AAA login authentication for the specified RADIUS method list.
LINE mode
login authentication {method-list-name | default}
This procedure is mandatory if you are not using default lists.
•
To use the method list.
CONFIGURATION mode
authorization exec methodlist
Specifying a RADIUS Server Host
When configuring a RADIUS server host, you can set different communication parameters, such as the
UDP port, the key password, the number of retries, and the timeout.
To specify a RADIUS server host and configure its communication parameters, use the following
command.
•
Enter the host name or IP address of the RADIUS server host.
CONFIGURATION mode
radius-server host {hostname | ip-address} [auth-port port-number]
[retransmit retries] [timeout seconds] [key [encryption-type] key]
Configure the optional communication parameters for the specific host:
– auth-port port-number: the range is from 0 to 65535. Enter a UDP port number. The default is
1812.
– retransmit retries: the range is from 0 to 100. Default is 3.
– timeout seconds: the range is from 0 to 1000. Default is 5 seconds.
– key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the
key. The key can be up to 42 characters long. This key must match the key configured on the
RADIUS server host.
If you do not configure these optional parameters, the global default values for all RADIUS host are
applied.
830
Security