Radius Failover Configuration On Dell Switch


Scenario
Make: Dell Switches
Model: N4032, N2048, etc
Server: Radius Server 2012, 2016, 2019
Description: This article shows, step by step, how to configure two Radius servers for authentication on a Dell switch stack. This configuration is valid for other Dell switch models as well. The two Radius servers work as a fail-over pair.

Configuration On Switch

Step1: Configure aaa model on the switch to allow AAA
The aaa model must be configured on the switch before Authentication, Authorization and Accounting can be used. Use the command shown below.

edledge-switch(config)#aaa new-model

Step2: Configure aaa group and Radius Server
Configure the radius lists for authentication and authorization. The commands below create lists named EDL that use radius first, with local as the next method.

edledge-switch(config)#aaa authentication enable EDL radius local

edledge-switch(config)#aaa authorization exec EDL radius local

Step3: Add Radius Server Details On The Switch
Let us assume the following IP addresses:
Radius Server 1 is 10.1.1.11
Radius Server 2 is 10.1.1.12

Add the radius server details on the switch as shown below.

edledge-switch(config)#radius-server host 10.1.1.11
edledge-switch(config-auth-radius)#key edledge

Save this key somewhere. It will be needed when the switch (host) is added to the server.

Similarly, add the second radius server.

edledge-switch(config)#radius-server host 10.1.1.12
edledge-switch(config-auth-radius)#key edledgeserver

Save this key somewhere. It will be needed when the switch (host) is added to the server.

All the required details of the radius servers are now added to the switch. The next step is to add the host (switch) to each server. Authentication policies, which control the client’s connection, are defined on the radius server.

Configuration On Server

Step4: Access NPS Of Radius Server
RDP to the Radius Server [Radius Server 1 – 10.1.1.11] and open Server Manager and then NPS. Follow the steps shown below. Considering

mstsc ==> Radius server ==> Server Manager ==> Network Policy Server

Step5: Add Host (Switch) To The Radius Server
Right-click on “Radius Clients” and then click “New” to add the host to the server, as shown below.

Step6: Add Host (Switch) To The Radius Server
Assume the name of the switch is “edledge-switch” and its IP address is “10.1.1.1”. The Radius key will be edledge [the same key we used in Step 3].

Step7: Check & Ensure Host Is Successfully Added To The Radius Server.

Follow steps 4 to 7 to add the host (switch) on the second Radius Server [Radius Server 2 – 10.1.1.12], using the key configured for that server in Step 3. Once the host is added to both Radius Servers, radius fail-over is ready to use.
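
The client registration and check in Steps 5 to 7 can also be done from PowerShell on each NPS server. This is an added example, not part of the original article; it assumes the NPS PowerShell module (Get-NpsRadiusClient, New-NpsRadiusClient) and an elevated session run locally on the server, and it reuses the article's switch name and IP address.

```powershell
# Added example: run in an elevated PowerShell session on each NPS server.
# The switch name and IP are the article's values; the script is not from it.
Import-Module NPS

$SwitchName = 'edledge-switch'
$SwitchIp   = '10.1.1.1'

# Prompt for the key set for THIS server in Step 3, so it is not stored in
# the script or in command history.
$secure = Read-Host -AsSecureString 'Key configured on the switch for this server'
$secret = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Steps 5/6 equivalent: add the switch as a Radius client if it is missing.
$client = Get-NpsRadiusClient | Where-Object { $_.Address -eq $SwitchIp }
if (-not $client) {
    New-NpsRadiusClient -Name $SwitchName -Address $SwitchIp -SharedSecret $secret | Out-Null
    $client = Get-NpsRadiusClient | Where-Object { $_.Address -eq $SwitchIp }
}

# Step 7 equivalent: confirm the entry exists, is enabled, and holds the same
# key as the switch. In a fail-over setup the second server is only exercised
# when the first does not answer, so a wrong key there can go unnoticed.
$problems = @()
if (-not $client) {
    $problems += 'client entry was not created'
} else {
    if (-not $client.Enabled) { $problems += 'client entry is disabled' }
    if ($client.SharedSecret -cne $secret) {
        $problems += 'shared secret differs from the switch key'
    }
}

if ($problems.Count -eq 0) {
    Write-Output "OK: $SwitchName ($SwitchIp) is registered on $env:COMPUTERNAME"
} else {
    Write-Warning ("{0}: {1}" -f $env:COMPUTERNAME, ($problems -join '; '))
}
```

Run it once on 10.1.1.11 and once on 10.1.1.12, entering the key that was set for that server in Step 3.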

If you are looking to configure only one radius server on a Dell Switch Stack, follow the steps described in Radius Configuration On Dell Switch. Also, if you are planning to configure two radius servers to work in failover mode on a Cisco switch stack, see Radius Fail-over Configuration On Cisco Switch.

Source: DellLab, Knowledge Base

EA00040
