Excluding the RADIUS Server for Login Features

You can specify whether the RADIUS server can be used for login features such as Telnet, SSH, console, EXEC, or Web-management AAA. The following task excludes the RADIUS server for all login features.

  1. Use the configure terminal command to enter global configuration mode.
    device# configure terminal
  2. Use the radius-server host command, specifying an IP address, and using the auth-port port-num, acct-port port-num, default, key key-string, and no-login parameters.
    
    device(config)# radius-server host 10.26.67.13 auth-port 1812 acct-port 1813 default key ruckus no-login
    The example configures default UDP ports for authorization and accounting. The RADIUS key for the server is configured as “ruckus." The no-login keyword is configured so that this RADIUS server cannot be used for Telnet, SSH, console, EXEC, or Web-management AAA.

The following example uses the RADIUS server for Flexible authentication modules.

device# configure terminal
device(config)# radius-server host 10.26.67.13 auth-port 1812 acct-port 1813 default key ruckus mac-auth dot1x

The following example uses the RADIUS server for Flexible authentication and excludes the use of the server for login features.

device# configure terminal
device(config)# radius-server host 10.26.67.13 auth-port 1812 acct-port 1813 default key ruckus mac-auth dot1x no-login