Configuring Authentication Servers on AOS-CX

From the Server groups page, you can configure RADIUS or TACACS authentication servers to authenticate and authorize the users of an AOS-CX switch. The authentication servers determine if the user has access to the administrative interface.

To configure authentication servers on a switch, complete the following steps:

  1. In the Network Operations app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-CX icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click an AOS-CX switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The AOS-CX UI configuration page is displayed.

  2. Click Security > Authentication Servers. The Authentication Servers page is displayed with the number of RADIUS and TACACS servers that are configured on the switch.

Configuring a RADIUS Server on AOS-CX

To configure a RADIUS server, complete the following steps:

  1. In the Authentication Servers table, point to the RADIUS server row and click the edit icon. The RADIUS servers page is displayed with the list of RADIUS servers configured on the switch.
  2. To add a RADIUS server, click the + add icon.

    The Add RADIUS window is displayed.

  3. Configure the following parameters:

    Table 1: RADIUS Parameters

    | Name | Description | Value |
    |------|-------------|-------|
    | FQDN or IP address | The IP address or fully qualified domain name of the RADIUS server. | |
    | Shared secret | The encryption key to be used during authentication sessions with the specified RADIUS server. | You can enter up to a maximum of 32 characters including letters, numbers, and special characters, except question mark (?) and double quotes ("). |
    | Authentication Port | The authentication port number for the specified server. | Range: 1-65535. Default: 1812 |
    | Timeout (secs) | The number of seconds to wait for a response from the RADIUS server before trying the next RADIUS server. | Range: 1-60. Default: 5 |
    | VRF | The VRF to be used for communicating with the RADIUS server. | Default and Management. NOTE: Management VRF is not supported on the AOS-CX 4100i and 6100 switch series. |
    | Retry Count | The number of retry attempts for contacting the specified RADIUS server. | Range: 0-5. Default: 1 |

  4. Click Apply. The added server is displayed in the RADIUS servers page.

    Servers are accessed in the order in which they were added: the server that was added first is accessed first, the second server is accessed next if necessary, and so on. You can rearrange the order by dragging a server to a different position using the drag-and-drop icon.

  5. Click Save.

Configuring a TACACS Server on AOS-CX

To configure a TACACS server, complete the following steps:

  1. In the Authentication Servers table, point to the TACACS server row and click the edit icon. The TACACS servers page is displayed with the list of TACACS servers configured on the switch.
  2. To add a TACACS server, click the + add icon.

    The Add TACACS window is displayed.

  3. Configure the following parameters:

    Table 2: TACACS Parameters

    | Name | Description | Value |
    |------|-------------|-------|
    | FQDN or IP address | The IP address or fully qualified domain name of the TACACS server. | |
    | Shared secret | The encryption key to be used during authentication sessions with the specified TACACS server. | You can enter up to a maximum of 32 characters including letters, numbers, and special characters, except question mark (?) and double quotes ("). |
    | Authentication Port | The authentication port number for the specified TACACS server. | Range: 1-65535. Default: 49 |
    | Timeout (secs) | The number of seconds to wait for a response from the TACACS server before trying the next TACACS server. | Range: 1-60. Default: 5 |
    | VRF | The VRF to be used for communicating with the TACACS server. | Default and Management. NOTE: Management VRF is not supported on the AOS-CX 4100i and 6100 switch series. |

  4. Click Apply. The added server is displayed in the TACACS servers page.

    Servers are accessed in the order in which they were added: the server that was added first is accessed first, the second server is accessed next if necessary, and so on. You can rearrange the order by dragging a server to a different position using the drag-and-drop icon.

  5. Click Save.
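
The limits in Table 1 and Table 2 can be checked before the entries are typed into the UI, and the server order determines how long a login can stall when servers are unreachable. The following Python sketch is an added example, not part of the product or its documentation; the dictionary field names, the `switch_series` argument and the worst-case formula (each server tried once plus its retry count, for the full timeout) are assumptions.

```python
# Added example: pre-flight check of planned server entries against the
# limits in Table 1 (RADIUS) and Table 2 (TACACS). Field names are assumptions.
FORBIDDEN_SECRET_CHARS = set('?"')
DEFAULT_PORT = {"radius": 1812, "tacacs": 49}
NO_MGMT_VRF_SERIES = {"4100i", "6100"}  # per the NOTE in both tables

def validate_server(proto, entry, switch_series=None):
    """Return a list of problems for one server entry (empty list = OK)."""
    problems = []
    if not entry.get("host"):
        problems.append("FQDN or IP address is required")
    secret = entry.get("secret", "")
    if len(secret) > 32:
        problems.append("shared secret longer than 32 characters")
    bad = sorted(FORBIDDEN_SECRET_CHARS & set(secret))
    if bad:
        problems.append("shared secret contains forbidden character(s): " + " ".join(bad))
    port = entry.get("port", DEFAULT_PORT[proto])
    if not 1 <= port <= 65535:
        problems.append("authentication port out of range 1-65535")
    if not 1 <= entry.get("timeout", 5) <= 60:
        problems.append("timeout out of range 1-60")
    # Retry Count appears only in the RADIUS table.
    if proto == "radius" and not 0 <= entry.get("retries", 1) <= 5:
        problems.append("retry count out of range 0-5")
    vrf = entry.get("vrf", "Default")
    if vrf not in ("Default", "Management"):
        problems.append("VRF must be Default or Management")
    elif vrf == "Management" and switch_series in NO_MGMT_VRF_SERIES:
        problems.append("Management VRF not supported on this switch series")
    return problems

def worst_case_wait(proto, entries):
    """Seconds until the last server in the ordered list is given up on.
    Assumption: each server gets (1 + retries) attempts of `timeout` seconds."""
    total = 0
    for e in entries:
        attempts = 1 + (e.get("retries", 1) if proto == "radius" else 0)
        total += e.get("timeout", 5) * attempts
    return total

# Constructed sample entries (not from a real deployment).
SAMPLE = [
    {"host": "radius1.example.net", "secret": "S3cure-Example!", "vrf": "Management"},
    {"host": "192.0.2.10", "secret": 'what?"', "port": 70000, "timeout": 10, "retries": 3},
]
```

With the constructed list above, a fully unreachable RADIUS pair delays the authentication decision by up to 50 seconds under the stated assumption, which is worth weighing when choosing timeout and retry values.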