Courseiva
AAARADIUS Config

address ipv4 [ip] auth-port 1812

Configures the IPv4 address and authentication port for a RADIUS server, used to specify the server that handles AAA authentication requests.

Syntax·RADIUS Config
address ipv4 [ip] auth-port 1812

When to Use This Command

  • Setting up a primary RADIUS server for network device authentication in a corporate network.
  • Configuring a backup RADIUS server with a different port for redundancy.
  • Integrating with a third-party RADIUS server like Cisco ISE or FreeRADIUS for centralized AAA.
  • Changing the default authentication port (1812) to a custom port for security or compatibility reasons.

Command Examples

Basic RADIUS server configuration with default port

address ipv4 192.168.1.100 auth-port 1812

No output is generated for this configuration command. The command sets the RADIUS server IPv4 address to 192.168.1.100 and the authentication UDP port to 1812 (default).

Configuring a RADIUS server with custom authentication port

address ipv4 10.0.0.5 auth-port 1645

This command sets the RADIUS server IPv4 address to 10.0.0.5 and the authentication port to 1645, which is an alternative standard port. No output is displayed upon successful configuration.

Understanding the Output

This command does not produce any output when executed. It is a configuration command that modifies the RADIUS server configuration in the running configuration. To verify the configuration, use 'show running-config | section radius' or 'show radius server'. The output of 'show radius server' displays the configured servers, their IP addresses, ports, and status (e.g., dead or alive). A good status shows 'current state: alive' with low response times; a bad status shows 'current state: dead' or high timeouts. Watch for incorrect port numbers or unreachable IP addresses.

CCNA Exam Tips

1.

Remember that the default RADIUS authentication port is UDP 1812, but some legacy systems use 1645.

2.

The 'address ipv4' command is used in RADIUS server configuration mode, not global config.

3.

CCNA may test that RADIUS uses UDP, while TACACS+ uses TCP.

4.

You must configure a key (shared secret) using the 'key' command for the RADIUS server to work.

Common Mistakes

Forgetting to specify the authentication port, which defaults to 1812 but may be incorrect if the server uses a different port.

Using the wrong IP address or a reachable but incorrect server, causing authentication failures.

Not configuring a shared secret key, leading to authentication rejections.

Related Commands

aaa authentication login default group radius local

Configures AAA authentication for login using a RADIUS server group as the primary method, falling back to local authentication if the RADIUS server is unreachable.

aaa new-model

Enables AAA (Authentication, Authorization, and Accounting) security services on a Cisco device, required before configuring any AAA commands.

key [shared-secret]

Configures the shared secret key used for RADIUS authentication and accounting between the Cisco device and the RADIUS server.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions