radius server [name]
Configures a RADIUS server entry with its IP address and authentication/accounting parameters for AAA services.
When to Use This Command
- Define a RADIUS server for authenticating remote VPN users connecting via IPsec.
- Configure a RADIUS server for 802.1X port-based authentication on switch ports.
- Set up a RADIUS server for administrative login authentication (e.g., SSH/Telnet).
- Add multiple RADIUS servers for redundancy in a large enterprise network.
Command Examples
Basic RADIUS server configuration with key and timeout
radius server MYRADIUS
address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
key cisco123
timeout 10
retransmit 3
exit
Router(config)# radius server MYRADIUS
Router(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
Router(config-radius-server)# key cisco123
Router(config-radius-server)# timeout 10
Router(config-radius-server)# retransmit 3
Router(config-radius-server)# exit
Router(config)#
The radius server command enters RADIUS server configuration mode for the server named 'MYRADIUS'. The address command sets the IPv4 address and the UDP ports for authentication (1812) and accounting (1813). The key command sets the shared secret. The timeout command sets the number of seconds to wait for a reply, and retransmit sets the number of retries.
RADIUS server with dead-criteria and automated testing
radius server BACKUP_RADIUS
address ipv4 10.0.0.1 auth-port 1645 acct-port 1646
key secretkey
dead-criteria tries 5 time 30
automate-tester username testuser probe-on
exit
Router(config)# radius server BACKUP_RADIUS
Router(config-radius-server)# address ipv4 10.0.0.1 auth-port 1645 acct-port 1646
Router(config-radius-server)# key secretkey
Router(config-radius-server)# dead-criteria tries 5 time 30
Router(config-radius-server)# automate-tester username testuser probe-on
Router(config-radius-server)# exit
Router(config)#
This example configures a backup RADIUS server with non-default ports (1645/1646). The dead-criteria command marks the server as dead after 5 failed attempts within 30 seconds. The automate-tester command enables periodic probing using the username 'testuser' to detect server recovery.
Understanding the Output
The radius server command does not produce direct output; it enters a sub-configuration mode. The output shown above is the CLI prompt changing to indicate that you are in RADIUS server configuration mode. To verify the configuration, use 'show running-config | section radius server' or 'show radius server'. The 'show radius server' output lists all configured servers with their IP addresses, ports, keys (shown as asterisks), timeout, retransmit, dead criteria, and status (alive/dead). Key fields: Server Name, IP address, Auth Port, Acct Port, Timeout, Retransmit, Dead Time, Status. A good status is 'alive'; 'dead' indicates the server is not responding. Watch for mismatched keys or unreachable IPs.
CCNA Exam Tips
Remember that the default authentication port is 1812 and accounting port is 1813; the exam may test non-standard ports like 1645/1646.
The 'key' command is case-sensitive and must match the RADIUS server's shared secret.
You can configure multiple RADIUS servers; the order in the configuration determines the priority (first is primary).
The 'automate-tester' feature is used to proactively test server availability; know its parameters.
Common Mistakes
Forgetting to specify the key; AAA authentication will fail silently.
Using the wrong port numbers (e.g., using 1645 for auth but server expects 1812).
Not configuring timeout and retransmit values, causing slow failover when the server is down.
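An added example (not from the original page): a Python check that parses 'radius server' blocks from saved 'show running-config' output and reports the mistakes listed above. The sample config is constructed, the function names and the NOKEY entry are hypothetical, and the parser assumes sub-commands are indented by one space as in running-config output.

```python
import re

# Constructed sample of running-config output (not from a real device).
SAMPLE_CONFIG = """\
radius server MYRADIUS
 address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
 key cisco123
 timeout 10
 retransmit 3
!
radius server BACKUP_RADIUS
 address ipv4 10.0.0.1 auth-port 1645 acct-port 1646
 key secretkey
!
radius server NOKEY
 address ipv4 10.0.0.2 auth-port 1812 acct-port 1813
"""

def parse_radius_servers(config):
    """Return {server name: [sub-commands]} for each 'radius server' block."""
    servers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"radius server (\S+)\s*$", line)
        if m:
            current = servers.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # a non-indented line closes the block
    return servers

def audit(config, expected_ports=("1812", "1813")):
    """Return {server name: [findings]} for the mistakes listed above."""
    report = {}
    for name, cmds in parse_radius_servers(config).items():
        findings = []
        if not any(c.startswith("key ") for c in cmds):
            findings.append("no key configured")
        for c in cmds:
            m = re.match(r"address ipv4 \S+ auth-port (\d+) acct-port (\d+)", c)
            if m and m.groups() != tuple(expected_ports):
                findings.append("ports %s/%s, expected %s/%s" % (*m.groups(), *expected_ports))
        for kw in ("timeout", "retransmit"):
            if not any(c.startswith(kw + " ") for c in cmds):
                findings.append("no explicit %s (device default applies)" % kw)
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Pass expected_ports=("1645", "1646") when the RADIUS server itself listens on the legacy ports, so that only a genuine mismatch is reported.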
Related Commands
aaa authentication login default group radius local
Configures AAA authentication for login using a RADIUS server group as the primary method, falling back to local authentication if the RADIUS server is unreachable.
aaa new-model
Enables AAA (Authentication, Authorization, and Accounting) security services on a Cisco device, required before configuring any AAA commands.