radius-servers

system aaa radius-servers, vpn interface dot1x radius-servers, wlan interface radius-servers—Configure which RADIUS servers to use for AAA, IEEE 802.1X, and IEEE 802.11i authentication (IEEE 802.1X and IEEE 802.11i authentication are available on vEdge routers only).

vManage Feature Template

For all Viptela devices:

Configuration ► Templates ► AAA

For vEdge routers only:

Configuration ► Templates ► VPN Interface Ethernet 
Configuration ► Templates ► WiFi SSID (for vEdge cellular wireless routers only)

Command Hierarchy

system
  aaa
    radius-servers tag
vpn 0
  interface interface-name
    dot1x
      radius-servers tag
wlan radio-band
  interface vapnumber
    radius-servers tag

Options

Tag Associated with a RADIUS Server
tag
Tag of RADIUS server to use for AAA, IEEE 802.1X, or IEEE 802.11i authentication. The tag can be from 4 through 16 characters long. You can specify one or two tags. You configure the tags with the system radius server tag command. 
If you specify tags for two RADIUS servers, they must both be reachable in the same VPN. If you do not configure a priority value when you configure the RADIUS server with the system radius server priority command, the order in which you list the IP addresses is the order in which the RADIUS servers are tried.
If you configure no RADIUS server tags, all RADIUS servers in the configuration are used for authentication.

Example

Configure two RADIUS servers to use for AAA authentication:

Viptela# show running-config system
system
...
 aaa
  auth-order     local radius tacacs
  radius-servers radius-1 radius-2
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password $6$6fmWvCA6jHuEq/AK$y3gixVkyhtvXLWNTiv3Wy21i9/.6h56IQNWvI3YdjxH9qQmGVWVGQW391dlaqjRRDtUkuxeIy3/m9BqL/0IZG.
  !
 !
...
 radius
  server 1.2.3.4
   tag radius-1
  exit
  server 2.3.4.5
   tag radius-2
  exit
 !

Configure the RADIUS servers to use for 802.1X authentication:

system
 radius
  server 10.1.15.150
   tag              freerad1
   source-interface ge0/0
   secret-key       $4$L3rwZmsIic8zj4BgLEFXKw==
   priority         1
  exit
  server 10.20.24.150
   auth-port        2000
   acct-port        2001
   tag              freerad2
   source-interface ge0/4
   secret-key       $4$L3rwZmsIic8zj4BgLEFXKw==
   priority         2
  exit
 !
!
vpn 0
 interface ge0/5
  dot1x
   auth-reject-vlan 40
   auth-fail-vlan   30
   guest-vlan       20
   default-vlan     10
   radius-servers   freerad1
  !
  no shutdown
 !
!

Configure the RADIUS servers to use for 802.11i authentication:

vEdge# show running-config wlan
wlan 5GHz
 channel 36
 interface vap0
  ssid     tb31_pm6_5ghz_vap0
  no shutdown
 !
 interface vap1
  ssid           tb31_pm6_5ghz_vap1
  data-security  wpa/wpa2-enterprise
  radius-servers tag1
  no shutdown
 !
 interface vap2
  ssid             tb31_pm6_5ghz_vap2
  data-security    wpa/wpa2-personal
  mgmt-security    optional
  wpa-personal-key $4$BES+IEZB2vcQpeEoSR4ia9JqgDsPNoHukAb8fvxAg5I=
  no shutdown
 !
 interface vap3
  ssid           tb31_pm6_5ghz_vap3
  data-security  wpa2-enterprise
  mgmt-security  optional
  radius-servers tag1
  no shutdown
 !
!
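
The tag rules listed under Options (one or two tags per radius-servers statement, each 4 through 16 characters long and configured on a server under system radius) can be checked against a saved running configuration before it is deployed. The Python below is an added example, not Viptela or Cisco code: the function name lint_radius_tags and the sample configuration are constructed for illustration, and it assumes every indented "tag" line defines a RADIUS server tag.

```python
import re

# Constructed sample config; "freerad3" and "rad" are deliberate mistakes.
SAMPLE = """\
system
 aaa
  radius-servers freerad1 freerad2
 !
 radius
  server 10.1.15.150
   tag freerad1
  exit
  server 10.20.24.150
   tag freerad2
  exit
 !
!
vpn 0
 interface ge0/5
  dot1x
   radius-servers freerad3
  !
 !
!
wlan 5GHz
 interface vap1
  radius-servers rad freerad1 freerad2
 !
!
"""

def lint_radius_tags(config):
    """Return (line_no, message) findings for radius-servers references."""
    # Assumption: every indented "tag <name>" line defines a RADIUS server tag.
    defined = set(re.findall(r"^[ \t]+tag[ \t]+(\S+)[ \t]*$", config, re.M))
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        m = re.match(r"[ \t]+radius-servers[ \t]+(.+)$", line)
        tags = m.group(1).split() if m else []
        if len(tags) > 2:
            findings.append((no, "more than two tags listed"))
        for t in tags:
            if not 4 <= len(t) <= 16:
                findings.append((no, f"tag '{t}' is not 4-16 characters long"))
            elif t not in defined:
                findings.append((no, f"tag '{t}' is not defined on any server"))
    return findings

for no, msg in lint_radius_tags(SAMPLE):
    print(f"line {no}: {msg}")
```

Line numbers in the findings are relative to the configuration text passed in, so they match the saved file when the whole file is supplied.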

Release Information

Command introduced in Viptela Software Release 16.3.

Additional Information

See the Configuring IEEE 802.1X and IEEE 802.11i Authentication and Configuring WLAN Interfaces articles for your software release.
See the Configuring User Access and Authentication article for your software release.