RADIUS
Various add-on packages enable RADIUS users to log in to NVOS switches transparently with minimal configuration. There is no need to create accounts or home directories on the switch. Authentication goes through PAM and covers login, ssh, restapi, sudo and su.
RADIUS configuration consists of global settings and per-server settings. In general, if a per-server setting is not defined, the value is taken from the global configuration.
All nv radius commands are listed in RADIUS Commands: global settings live directly under /system/aaa/radius, and per-server settings live under /system/aaa/radius/hostname/<hostname-id>.
NVOS supports three types of RADIUS users, selected by the Management-Privilege-Level reply attribute that the RADIUS server returns for the user:
Management-Privilege-Level := 15 # admin privileged users (nv set, nv config apply)
Management-Privilege-Level := 7 # monitor privileged users (nv show only)
Management-Privilege-Level := 1 # non-privileged users (no access to nv commands)
The RADIUS server can run either on a remote host or on the switch itself (for testing or a sanity check).
Basic RADIUS Server Configuration
For a basic RADIUS server configuration, add entries to the "users" and "clients.conf" files. The user entry carries the password check item and the Management-Privilege-Level reply item (one of 15, 7 or 1); the client entry identifies the switch by address and holds the shared secret it will present.
User File Example
radius_user Cleartext-Password := "radius_user_password"
Management-Privilege-Level := <15,7,1>
Client File Example
client client_name {
ipaddr = 10.1.2.3
secret = radius-secret
}
# Or as CIDR block such as:
client 10.0.0.0/8 {
secret = testing-radius
}
How To Set Up Basic FreeRADIUS Server
Run the following commands on a Debian machine or a similar Linux distribution.
sudo apt-get update
sudo apt-get install freeradius -y
Add the client IP (the address the switch sends RADIUS requests from) to the /etc/freeradius/3.0/clients.conf file as:
client client_name {
ipaddr = <CLIENT_IP>
secret = mysecret
}
or use a CIDR block:
client 10.0.0.0/8 {
secret = global-secret
}
Add the required RADIUS users to the /etc/freeradius/3.0/users file as:
radius_admin_user Cleartext-Password := "radius_password"
Management-Privilege-Level := 15
radius_monitor_user Cleartext-Password := "radius_password"
Management-Privilege-Level := 7
radius_non_priv_user Cleartext-Password := "radius_password"
Management-Privilege-Level := 1
Restart the FreeRADIUS service (and make sure it is running).
sudo service freeradius restart
sudo service freeradius status
Configure the RADIUS client (the switch) to use this server. The secret given here must match the secret in the clients.conf entry that covers the switch's address; a mismatch is not reported as such but shows up as every login being rejected.
admin@nvos:~$ nv set system aaa radius hostname <radius-server-ip> secret radius-secret
admin@nvos:~$ nv set system aaa authentication order radius,local
admin@nvos:~$ nv config apply -y
Log in with the configured users.
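The following Python is an added example and is not part of the NVOS documentation or of FreeRADIUS; it models, offline, what happens on the wire once the steps above are done. The client side builds an Access-Request with the PAP-hidden User-Password (RFC 2865 section 5.2), a minimal server side checks it against a constructed copy of the users file on this page and answers with the Management-Privilege-Level reply attribute (RFC 5607, attribute 136), and the client then verifies the Response Authenticator before mapping 15/7/1 to the three NVOS roles. The usernames, the secret "radius-secret", and the choice to label an accepted reply without a recognized level as "unknown" are assumptions of the example; how NVOS itself treats a missing attribute is not stated on this page.

```python
import hashlib
import hmac
import os
import struct

# Constructed copy of the "users" file entries on this page (assumed values, not real accounts).
USERS = {
    "radius_admin_user": ("radius_password", 15),
    "radius_monitor_user": ("radius_password", 7),
    "radius_non_priv_user": ("radius_password", 1),
}
# Role mapping documented for NVOS: 15 admin, 7 monitor, 1 no nv access.
ROLE_BY_LEVEL = {15: "admin", 7: "monitor", 1: "non-privileged"}

# RADIUS packet codes and attribute types (RFC 2865; attribute 136 is RFC 5607).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, MGMT_PRIV_LEVEL = 1, 2, 136


def pap_encode(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Hide a PAP password per RFC 2865 5.2: NUL-pad to a multiple of 16 bytes,
    then XOR each block with MD5(secret + previous ciphertext block), where the
    first "previous block" is the 16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def pap_decode(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of pap_encode, as the server performs it; trailing NUL padding is dropped."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def attr(atype: int, value: bytes) -> bytes:
    """Encode one Type-Length-Value attribute (length covers the 2-byte header)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    """Walk the attribute list; reject lengths that would run off the packet."""
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute")
        attrs.setdefault(atype, []).append(data[i + 2:i + alen])
        i += alen
    return attrs


def build_access_request(ident: int, username: str, password: str, secret: bytes) -> bytes:
    """Client side: Code | Identifier | Length | Request Authenticator | attributes."""
    req_auth = os.urandom(16)
    body = attr(USER_NAME, username.encode()) + \
        attr(USER_PASSWORD, pap_encode(password.encode(), secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body


def server_handle(packet: bytes, secret: bytes, users: dict = USERS) -> bytes:
    """Minimal server: check the PAP password, answer Accept with the privilege
    level from the users table, otherwise Reject. Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    user = attrs.get(USER_NAME, [b""])[0].decode(errors="replace")
    password = pap_decode(attrs.get(USER_PASSWORD, [b""])[0], secret, req_auth)
    entry = users.get(user)
    if code == ACCESS_REQUEST and entry and hmac.compare_digest(password, entry[0].encode()):
        out_code, body = ACCESS_ACCEPT, attr(MGMT_PRIV_LEVEL, struct.pack("!I", entry[1]))
    else:
        out_code, body = ACCESS_REJECT, b""
    header = struct.pack("!BBH", out_code, ident, 20 + len(body))
    return header + hashlib.md5(header + req_auth + body + secret).digest() + body


def client_role(response: bytes, request: bytes, secret: bytes):
    """Client side: authenticate the reply before trusting it, then map the level.
    Returns None on Access-Reject, a role name on Accept, "unknown" if the
    level is missing or unmapped (the example's own convention)."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    body = response[20:length]
    expected = hashlib.md5(response[:4] + request[4:20] + body + secret).digest()
    if ident != request[1] or not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong shared secret or forged reply")
    if code != ACCESS_ACCEPT:
        return None
    levels = parse_attrs(body).get(MGMT_PRIV_LEVEL)
    level = struct.unpack("!I", levels[0])[0] if levels else None
    return ROLE_BY_LEVEL.get(level, "unknown")
```

Two points the code makes visible. The password is hidden with an MD5 keystream derived from the shared secret and a per-request random value, not encrypted in any modern sense, so the secret's strength and keeping RADIUS traffic on a trusted management network matter more than the mechanism itself. And the Response Authenticator is the only thing that stops an on-path host from answering Access-Accept with Management-Privilege-Level 15 on the server's behalf, which is why the client-side check above runs before the level is even read. Against the real FreeRADIUS instance set up above, the equivalent sanity check is radtest from the freeradius-utils package, e.g. radtest radius_admin_user radius_password 127.0.0.1 0 mysecret, whose Access-Accept should show Management-Privilege-Level = 15.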