Radius servers configured divided into users groups.Below filter-id for read only access:
For super users(SU) filter-id should be like below:
- Set radius servers
(su)->set radius server 1 1.1.1.1 1645 xxxxxxxx
(su)->set radius server 2 2.2.2.2 1645 xxxxxxxx
1645 is udp port , xxxxx is pre-shared key.
- Set function of radius servers( management-access,network-access or any).
set radius realm management-access all
If you have also “dot1x” radius servers commands should be:
set radius realm maangement-access 1
set radius realm maangement-access 2
- Set source interface for radius messages(new firmware only),e.g.
set radius interface vlan 1
- Enable radius authentication globally.
set radius enable
- Check users authentication method.
show authentication login
If your settings are “local” or “tacacs” change it to any:.
set authentication login any
In “any” method order will be the following:radius,local.
- Check radius configuration before logout.
show radius
- Save configuration!
dzbanek 2012-10-13