radius settings
This command configures various RADIUS settings.
Syntax
(config-system)# radius settings (radius)#
|
Command |
Description |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
double-decode-url {off|on} |
Enables an additional decoding of authentication credentials that are sent to the RADIUS server via URL. |
|||||||||
|
enable {off|on} |
Enables or disables the RADIUS application. |
|||||||||
|
enable-mgmt-login {off|on} |
Uses RADIUS for authentication of management interface access. |
|||||||||
|
local-cache-mode {0|1} |
Defines the capability to reset the expiry time of the local RADIUS password cache. |
|||||||||
|
local-cache-timeout |
Defines the expiry time, in seconds of the locally stored RADIUS password cache. |
|||||||||
|
nas-id-attribute |
Defines the RADIUS NAS Identifier attribute. |
|||||||||
|
source data {interface|source-address|vrf} |
Defines the source network interface for RADIUS, which can be one of the following:
Note: If you don't specify a VRF name, the device uses the default VRF (main-vrf). |
|||||||||
|
timeout-behavior |
Configures device behavior when RADIUS times out. |
|||||||||
|
vsa-access-level |
Defines the 'Security Access Level' attribute code in the VSA section of the RADIUS packet that the device should relate to. |
|||||||||
|
vsa-vendor-id |
Defines the vendor ID that the device should accept when parsing a RADIUS response packet. |
Command Mode
Privileged User
Example
This example demonstrates configuring VSA vendor ID:
(config-system)# radius settings (radius)# vsa-vendor-id 5003