RADIUS
The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.
nv set system aaa radius accounting state
Enables RADIUS user command accounting, which lets you log every command that a user runs and send the commands to the primary RADIUS server for auditing. Audit logs are a requirement for compliance standards, such as PCI and HIPAA.
You can specify enabled or disabled.
The RADIUS server must be configured to accept packets from clients and have a dictionary entry for NV-Command-String.
The /var/log/radius-cmd-acct.log file contains the local copy of the logs, which match the logs that the server receives.
Version History
Introduced in Cumulus Linux 5.11.0
Example
cumulus@switch:~$ nv set system aaa radius accounting state enabled
nv set system aaa radius debug
Configures the debug option for troubleshooting. The debugging messages write to /var/log/syslog. When the RADIUS client is working correctly, you can disable the debug option. You can specify enable or disable.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius debug enable
nv set system aaa radius enable
Enables (on) and disables (off) RADIUS.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius enable on
nv set system aaa radius port
Configures the port you want to use for all RADIUS communication. You can specify a value between 0 and 65535. The default value is 1812.
nv set system aaa radius privilege-level
Configures the minimum privilege level that determines if users can configure the switch with NVUE commands and sudo, or have read-only rights. The default privilege level is 15, which provides full administrator access. This is a global option only; you cannot set the minimum privilege level for specific RADIUS servers.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius privilege-level 10
nv set system aaa radius retransmit
Configures the maximum number of retransmission attempts allowed for requests when a RADIUS authentication request times out. This is a global option only; you cannot set the number of retransmission attempts for specific RADIUS servers.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius retransmit 8
nv set system aaa radius server <hostname-id>
Configures the IP address or hostname of the RADIUS server.
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254
nv set system aaa radius server <hostname-id> port
Configures the port used to communicate with the specified RADIUS Server. A port is optional. You can set a value between 0 and 65535. The default value is 1812.
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 port 42
nv set system aaa radius server <hostname-id> priority
Configures the priority at which Cumulus Linux contacts the specified RADIUS server for load balancing. You can set a value between 1 and 100. The lower value is the higher priority.
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 priority 10
nv set system aaa radius server <hostname-id> secret
Configures the secret key shared between the specified RADIUS server and client. If you include special characters in the key (such as $), you must enclose the key in single quotes (').
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 secret 'myradius$key'
nv set system aaa radius server <hostname-id> source-ip
Configures the specific interface IPv4 or IPv6 address you want to use to reach the RADIUS server. If you configure multiple RADIUS servers, you can configure a specific interface to reach all RADIUS servers with the nv set system aaa radius source-ip command, described below.
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 source-ip 192.168.1.10
nv set system aaa radius server <hostname-id> timeout
Configures the timeout value when a server is slow or latencies are high. You can set a value between 1 and 60. The default timeout is 3 seconds. If you configure multiple RADIUS servers, you can set a global timeout for all servers with the nv set system aaa radius timeout command.
Command Syntax
Syntax | Description |
---|---|
<hostname-id> | The IP address or hostname of the RADIUS server. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 timeout 10
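The per-server port, priority, secret and timeout commands above, as an added example that is not part of the Cumulus Linux documentation: a shell helper that checks each value against the ranges stated in this reference and single-quotes the secret before printing the commands. The function names are hypothetical, and the sample values are the ones used in this reference's examples.

```shell
#!/usr/bin/env bash
# Added example (not from the Cumulus Linux documentation): print validated
# per-server RADIUS commands. Nothing here runs nv; review the output first.

# in_range VALUE MIN MAX: succeed only for a decimal integer within [MIN, MAX].
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# quote_secret SECRET: single-quote the key so characters such as $ reach nv
# unchanged; an embedded ' becomes '\'' (close quote, escaped quote, reopen).
quote_secret() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# radius_server_cmds HOST SECRET [PORT] [PRIORITY] [TIMEOUT]
# Empty optional arguments are skipped, leaving the switch defaults in place.
radius_server_cmds() {
    local host="$1" secret="$2" port="$3" priority="$4" timeout="$5"
    local base="nv set system aaa radius server $host"
    case $host in
        # Reject anything that is not a plain hostname or IP address.
        ''|*[!A-Za-z0-9.:_-]*) echo "invalid server name: $host" >&2; return 1 ;;
    esac
    [ -n "$secret" ] || { echo "secret is required" >&2; return 1; }
    if [ -n "$port" ] && ! in_range "$port" 0 65535; then
        echo "port must be 0-65535" >&2; return 1
    fi
    if [ -n "$priority" ] && ! in_range "$priority" 1 100; then
        echo "priority must be 1-100" >&2; return 1
    fi
    if [ -n "$timeout" ] && ! in_range "$timeout" 1 60; then
        echo "timeout must be 1-60" >&2; return 1
    fi
    printf '%s\n' "$base secret $(quote_secret "$secret")"
    if [ -n "$port" ]; then printf '%s\n' "$base port $port"; fi
    if [ -n "$priority" ]; then printf '%s\n' "$base priority $priority"; fi
    if [ -n "$timeout" ]; then printf '%s\n' "$base timeout $timeout"; fi
}

# Constructed sample call using the values from the examples in this reference.
radius_server_cmds 192.168.0.254 'myradius$key' 1812 10 10
```

Typed with double quotes instead, the shell would expand $key before nv receives the secret, so the switch and the RADIUS server would hold different keys.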
nv set system aaa radius source-ipv4
Configures the specific interface IPv4 address to reach all RADIUS servers.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius source-ipv4 192.168.1.10
nv set system aaa radius source-ipv6
Configures the specific interface IPv6 address to reach all RADIUS servers.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius source-ipv6 0:0:0:0:0:ffff:c0a8:010a
nv set system aaa radius timeout
Configures the global timeout value when servers are slow or latencies are high. You can set a value between 1 and 60. The default timeout is 3 seconds.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius timeout 10
nv set system aaa radius vrf <vrf-name>
Configures the VRF you want to use to communicate with RADIUS servers. This is typically the management VRF (mgmt), which is the default VRF on the switch. You cannot specify more than one VRF.
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa radius vrf mgmt