Cisco 4700M Configuration Manual page 97
Application control engine appliance security
Hide thumbs
Also See for 4700M:
- Administration manual (292 pages) ,
- Upgrade manual (24 pages) ,
- Installation manual (18 pages)
Table of Contents
Advertisement
Chapter 2
Configuring Authentication and Accounting Services
•
•
For example, to configure RADIUS server authentication parameters, enter:
host1/Admin(config)# radius-server host 192.168.2.3 key HostKey
host1/Admin(config)# radius-server host 192.168.2.3 key 7 secret_1256
host1/Admin(config)# radius-server host 192.168.2.3 auth-port 1645
host1/Admin(config)# radius-server host 192.168.2.3 acct-port 1646
host1/Admin(config)# radius-server host 192.168.2.3 authentication
host1/Admin(config)# radius-server host 192.168.2.3 accounting
host1/Admin(config)# radius-server host 192.168.2.3 timeout 25
host1/Admin(config)# radius-server host 192.168.2.3 retransmit 3
To revert to a default RADIUS server authentication setting, enter:
host1/Admin(config)# no radius-server host 192.168.2.3 acct-port 1646
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
timeout seconds—(Optional) By default, the ACE waits 1 second for the
RADIUS server to reply to an authentication request before retransmitting an
authentication request to the server. Use the timeout keyword to change the
time interval that the ACE waits for the RADIUS server to reply to an
authentication request before retransmitting a request. Valid entries are from
1 to 60 seconds. The default is 1 second. For the specified server, this
command overrides the global setting that was assigned by using the
radius-server timeout command.
retransmit count—(Optional) By default, the ACE send a single
authentication request to a timed-out RADIUS server before it stops
transmission and attempts to contact the next identified AAA server. The
retransmit option is the number of times that the ACE retransmits an
authentication request to a timed-out RADIUS server before it declares the
server to be unresponsive and contacts the next server in the group. If all
servers in the group are unavailable for authentication and accounting, the
ACE tries the local database if you configured it as a local fallback method
using the aaa authentication login or the aaa accounting default command.
Valid entries are from 1 to 5 attempts. The default is 1 attempt. For the
specified server, this command overrides the global setting that was assigned
by using the radius-server retransmit command.
2-27
Advertisement
Table of Contents
