This command configures the key to be used in RADIUS client communication with the specified server. The key can be configured for all RADIUS servers or, depending on whether the auth or acct token is used, the shared secret is configured for the particular RADIUS authentication or accounting server. The IP address or IPv6 address or hostname, when provided, must match a previously configured server. When this command is executed, the secret is prompted.
Text-based configuration supports RADIUS server's secrets in encrypted and non-encrypted format. When you save the configuration, these secret keys are stored in encrypted format only. If you want to enter the key in encrypted format, enter the key along with the encrypted keyword. In the show running-config command's display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format.
The secret must be an alphanumeric value not exceeding 64 characters.
| Format | radius server key [auth | acct | encrypted password] {ipaddr | ipv6addr | hostname} encrypted password |
| Mode | Global Config |
| Field | Description |
|---|---|
| ipaddr | The IP address of the server. |
| dnsname | The DNS name of the server. |
| password | The password in encrypted format. |
Example: The following shows an example of the CLI command.
radius server key acct 10.240.4.10 encrypted encrypt-string
