RADIUS

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.


nv set system aaa radius accounting state

Enables RADIUS user command accounting, which lets you log every command that a user runs and send the commands to the primary RADIUS server for auditing. Audit logs are a requirement for compliance standards, such as PCI and HIPPA.

You can specify enabled or disabled.

The RADIUS server must be configured to accept packets from clients and have a dictionary entry for NV-Command-String.

The /var/log/radius-cmd-acct.log file contains the local copy of the logs, which match the logs that the server receives.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa radius accounting state enabled

nv set system aaa radius debug

Configures the debug option for troubleshooting. The debugging messages write to /var/log/syslog. When the RADIUS client is working correctly, you can disable the debug option. You can specify enable or disable.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius debug enable

nv set system aaa radius enable

Enables (on) and disables (off) RADIUS.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius enable on

nv set system aaa radius port

Configures the port you want to use for all RADIUS communication. You can specify a value between 0 and 65535. The default value is 1812.


nv set system aaa radius privilege-level

Configures the minimum privilege level that determines if users can configure the switch with NVUE commands and sudo, or have read-only rights. The default privilege level is 15, which provides full administrator access. This is a global option only; you cannot set the minimum privilege level for specific RADIUS servers.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius privilege-level 10

nv set system aaa radius retransmit

Configures the maximum number of retransmission attempts allowed for requests when a RADIUS authentication request times out. This is a global option only; you cannot set the number of retransmission attempts for specific RADIUS servers.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius retransmit 8

nv set system aaa radius server <hostname-id>

Configures the IP address or hostname of the RADIUS server.

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254

nv set system aaa radius server <hostname-id> port

Configures the port used to communicate with the specified RADIUS Server. A port is optional. You can set a value between 0 and 65535. The default value is 1812.

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 port 42

nv set system aaa radius server <hostname-id> priority

Configures the priority at which Cumulus Linux contacts the specified RADIUS server for load balancing. You can set a value between 1 and 100. The lower value is the higher priority.

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 priority 10

nv set system aaa radius server <hostname-id> secret

Configures the secret key shared between the specified RADIUS server and client. If you include special characters in the key (such as $), you must enclose the key in single quotes (').

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 secret 'myradius$key'

nv set system aaa radius server <hostname-id> source-ip

Configures the specific interface IPv4 or IPv6 address you want to use to reach the RADIUS server. If you configure multiple RADIUS servers, you can configure a specific interface to reach all RADIUS servers with the nv set system aaa radius source-ip command, described below.

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 source-ip 192.168.1.10

nv set system aaa radius server <hostname-id> timeout

Configures the timeout value when a server is slow or latencies are high. You can set a value between 1 and 60. The default timeout is 3 seconds. If you configure multiple RADIUS servers, you can set a global timeout for all servers with the nv set system aaa radius timeout command.

Command Syntax

SyntaxDescription
<hostname-id>The IP address or hostname of the RADIUS server.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius server 192.168.0.254 timeout 10

nv set system aaa radius source-ipv4

Configures the specific interface IPv4 address to reach all RADIUS servers.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius source-ipv4 192.168.1.10

nv set system aaa radius source-ipv6

Configures the specific interface IPv6 address to reach all RADIUS servers.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius source-ipv6 0:0:0:0:0:ffff:c0a8:010a

nv set system aaa radius timeout

Configures the global timeout value when servers are slow or latencies are high. You can set a value between 1 and 60. The default timeout is 3 seconds.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius timeout 10

nv set system aaa radius vrf <vrf-name>

Configures the VRF you want to use to communicate with RADIUS servers. This is typically the management VRF (mgmt), which is the default VRF on the switch. You cannot specify more than one VRF.

Version History

Introduced in Cumulus Linux 5.7.0

Example

cumulus@switch:~$ nv set system aaa radius vrf mgmt