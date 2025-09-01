NVIDIA NVOS User Manual for InfiniBand Switches v25.02.3000
Various add-on packages enable RADIUS users to log in to NVOS switches in a transparent way with minimal configuration. There is no need to create accounts or directories on the switch. Authentication uses PAM and includes login, ssh, restapi, sudo and su.

RADIUS Client

RADIUS configuration is made of global configurations and per-server configurations. In general, if per-server configuration is not defined, the configuration will be taken from the global configuration.

All nv radius commands can be found in RADIUS Commands, where global ones are direct under /system/aaa/radius and per-server ones or under /system/aaa/radius/hostname/<hostname-id>

Radius Users

NVOS supports 3 types of RADIUS users, defined by Management-Privilege-Level configured in radius-server.

  • Management-Privilege-Level := 15 # admin privileged users (nv set, nv config apply)

  • Management-Privilege-Level := 7 # monitor privileged users (nv show)

  • Management-Privilege-Level := 1 # non-privileged users (no nv commands access)

RADIUS Server Setup and Usage Example

Radius server can be configured either on a remote host, or on the switch itself (for testing or sanity-check).

Basic RADIUS Server Configuration

To conduct a basic RADIUS server configuration, add sections to "users" and "clients.conf" files.

User File Example

radius_user Cleartext-Password := "radius_user_password"
        Management-Privilege-Level := <15,7,1

Client File Example

client client_name {
        ipaddr          = 10.1.2.3
        secret          = radius-secret
}
# Or as  CIDR block such as:
client 10.0.0.0/8 {
        secret          = testing-radius
}


How To Set Up Basic FreeRADIUS Server

  1. Run the following command in a Debian machine or other similar Linux distributions.

    sudo apt-get update
sudo apt-get install freeradius -y

  2. Add your client IP to /etc/freeradius/3.0/clients.conf file as:

    client client_name {
        ipaddr          = <CLIENT_IP>
        secret          = mysecret
}

    or use CIDR block:

    client 10.0.0.0/8 {
        secret          = global-secret
}

  3. Add your required radius users to /etc/freeradius/3.0/users file as:

    radius_admin_user Cleartext-Password := "radius_password"
        Management-Privilege-Level := 15
 
radius_monitor_user Cleartext-Password := "radius_password"
        Management-Privilege-Level := 7
 
radius_non_priv_user Cleartext-Password := "radius_password"
        Management-Privilege-Level := 1

  4. Reboot freeRADIUS service (and make sure it is running).

    sudo service freeradius restart
sudo service freeradius status

  5. Configure RADIUS client to use such server.

    admin@nvos:~$ nv set system aaa radius hostname <radius-server-ip> secret radius-secret
admin@nvos:~$ nv set system aaa authentication order radius,local
admin@nvos:~$ nv config apply -y

  6. Login with configured users.

