Published On: August 6ᵗʰ, 2019 02:06

Cisco Enterprise Network Compute System Switch Command Reference

RADIUS Commands

radius-server deadtime

To configure how long unavailable RADIUS servers are skipped over by transaction requests, use the radius-server deadtime command in switch configuration mode. This improves RADIUS response time when servers are unavailable. To restore the default configuration, use the no form of this command.

radius-server deadtime deadtime

no radius-server deadtime

Syntax Description

deadtime

Specifies the time interval in minutes, during which a RADIUS server is skipped over by transaction requests. Valid range is from 0 to 2000.

Command Default

The default deadtime interval is 0.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example sets the deadtime of all RADIUS servers to 10 minutes.

nfvis(config-switch)# radius-server deadtime 10
nfvis(config-switch)# commit
nfvis(config-switch)# end

radius-server host

To configure a RADIUS server host, use the radius-server host command in switch configuration mode. To delete the specified RADIUS server host, use the no form of the command.

radius-server host { ip-address | hostname} [ acct-port UDP-port-number] [ auth-port UDP-port-number] [ deadtime deadtime] [ key key-string] [ priority priority] [ retransmit retries]

no radius-server host

Syntax Description

ip-address

Specifies the RADIUS server host IP address. The IP address can be an IPv4, IPv6 or IPv6z address.
hostname

Specifies the RADIUS server host name. Translation to IPv4 addresses only is supported. (Length: 1–158 characters. Maximum label length of each part of the hostname: 63 characters)
acct-port UDP-port-number

(Optional) Specify the UDP port number for accounting requests. If the port number is set to 0, the host is not used for authentication. If unspecified, the port number defaults to 1813.
auth-port UDP-port-number

(Optional) Specify the UDP port number for authentication requests. If set to 0, the host is not used for authentication . If unspecified, the port number defaults to 1812.
deadtime deadtime

(Optional) Specify time, in minutes, for which a RADIUS server is skipped over by transaction requests. Range: 1-2000
key key-string

(Optional) Specifies the authentication and encryption key (per-server encryption key) for all RADIUS communications between the device and the RADIUS server. This key must match the encryption used on the RADIUS daemon. Length: 0–128 characters. To specify an empty string, enter "". If this parameter is omitted, the globally-configured radius key will be used.
priority priority

(Optional) Specifies the order in which servers are used, where 0 is the highest priority. Range: 0-65535.
retransmit retries

(Optional) Specify the number of retries to the active server (overrides default). If no retransmit value is specified, the global value is used. Range: 0-15.

Command Default

If retransmit is not specified, the global value set in the radius-server retransmit command is used.

If key is not specified, the global value set in the radius-server key command is used.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.5.1

This command was introduced.

Usage Guidelines

To specify multiple hosts, use this command for each host.

Examples

The following example specifies a RADIUS server host with the IP address 172.29.39.46 and authentication request port number 20.

nfvis(config-switch)# radius-server host 172.29.39.46 auth-port 20
nfvis(config-switch)# commit
nfvis(config-switch)# end

radius-server key

To set the authentication key for RADIUS communications between the device and the RADIUS daemon, use the radius-server key command in switch configuration mode. To restore the default configuration, use the no form of this command

radius-server key key-string

no radius-server key

Syntax Description

key-string

Specifies the authentication and encryption key for all RADIUS communication between the device and the RADIUS server. This key must match the encryption used on the RADIUS daemon. Range: 0 to 128 characters.

Command Default

The key-string is an empty string.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.5.1 This command was introduced.

Examples

The following example defines the authentication key for all RADIUS communication between the device and the RADIUS daemon.

nfvis(config-switch)# radius-server key enterprise-server
nfvis(config-switch)# commit
nfvis(config-switch)# end

radius-server retransmit

To specify the number of times the software searches the list of RADIUS server hosts, use the radius-server retransmit command in switch configuration mode. To restore the default configuration, use the no form of this command.

radius-server retransmit retries

no radius-server retransmit

Syntax Description

retries

Specifies the number of retries for a transaction. Valid range is from 1 to 15.

Command Default

The software searches the list of RADIUS server hosts 3 times.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example configures the number of times the software searches all RADIUS server hosts to 5.

nfvis(config-switch)# radius-server retransmit 5
nfvis(config-switch)# commit
nfvis(config-switch)# end

radius-server timeout

To set the number of retries for a transaction, use the radius-server timeout command in switch configuration mode. To restore the default configuration, use the no form of this command

radius-server timeout timeout-tries

no radius-server timeout timeout-tries

Syntax Description

timeout-tries

Specify the number of retries for a transaction. Valid range is from 1 to 15.

Command Default

The default value for timeout-tries is 3.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example sets the number of retries for a transaction to 5.

nfvis(config-switch)# radius-server timeout 5
nfvis(config-switch)# commit
nfvis(config-switch)# end

ip radius source-interface

To use the IPv4 address of the specified source interface as the Source IPv4 address for communication with IPv4 RADIUS servers, use the ip radius source-interface command in switch configuration mode. To restore the default configuration, use the no form of the command.

ip radius source-interface interface-id

no ip radius source-interface

Syntax Description

interface-id

Specifies the source interface.

Command Default

The source IPv4 address is the IPv4 address defined on the outgoing interface and belonging to next hop IPv4 subnet.

Command Modes

Switch configuration (config-switch)

Command History

Release Modification
3.6.1

This command was introduced.

Usage Guidelines

If the source interface is the outgoing interface, the interface IP address belonging to next hop IPv4 subnet is applied.

If the source interface is not the outgoing interface, the minimal IPv4 address defined on the source interface is applied.

Examples

The following example configures the VLAN 10 as the source interface.

nfvis(config-switch)# ip radius source-interface vlan 100

show switch radius-server

To display the RADIUS server configuration, use the show switch radius-server command in privileged EXEC mode.

show switch radius-server [ configuration { global | host} ]

Syntax Description

configuration

Specifies the mode for the RADIUS server configuration information.
global

Displays the global configuration information about the RADIUS server.
host

Displays the RADIUS server host information.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.6.1

This command was introduced.

Usage Guidelines

None

Examples

The following is a sample output of the show switch radius-server command that displays the RADIUS server configuration:

nfvis# show switch radius-server       
radius-server configuration global key None
radius-server configuration global timeout 3
radius-server configuration global deadtime 0
radius-server configuration global retransmit 3
radius-server configuration global source-ipv4-intf none