Radius servers configured divided into users groups.Below filter-id for read only access:



For super users(SU) filter-id should be like below:




  • Set radius servers

(su)->set radius server 1 1645 xxxxxxxx

(su)->set radius server 2 1645 xxxxxxxx

1645 is udp port , xxxxx is pre-shared key.

  • Set function of radius servers( management-access,network-access or any).

set radius realm management-access all

If you have also “dot1x” radius servers commands should be:

set radius realm maangement-access 1

set radius realm maangement-access 2

  • Set source interface for radius messages(new firmware only),e.g.

set radius interface vlan 1

  • Enable radius authentication globally.

set radius enable

  • Check users authentication method.

show authentication login



If your settings are “local” or “tacacs” change it to any:.

set authentication login any

In “any” method order will be the following:radius,local.

  • Check radius configuration before logout.

show radius



  • Save configuration!
dzbanek 2012-10-13