+8613606913517
info@ele-supply.com
enLanguage

How to configure a RADIUS server for authentication on mach104 hirschmann?

Jul 09, 2025Leave a message

Hey there! As a supplier of Mach104 Hirschmann products, I often get asked about how to configure a RADIUS server for authentication on Mach104 Hirschmann devices. In this blog post, I'm gonna walk you through the process step by step.

First off, let's understand what a RADIUS server is. RADIUS, which stands for Remote Authentication Dial-In User Service, is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. When it comes to Mach104 Hirschmann switches, setting up a RADIUS server can enhance security by validating user credentials before allowing access to the network.

Prerequisites

Before you start configuring the RADIUS server, you'll need a few things:

  1. A working RADIUS server. You can use popular ones like FreeRADIUS (open - source) or Windows Server's NPS (Network Policy Server).
  2. A Mach104 Hirschmann switch. This is the device where you'll be enabling RADIUS - based authentication.
  3. Network connectivity between the Mach104 switch and the RADIUS server. Make sure they can communicate on the appropriate ports (usually UDP 1812 for authentication and UDP 1813 for accounting).

Step 1: Access the Mach104 Hirschmann Switch

To start the configuration process, you need to access the command - line interface (CLI) of the Mach104 switch. You can do this via a console cable connected to your computer or through Telnet/SSH if you've already set up remote access.

Step 2: Enter the Configuration Mode

Once you're logged in to the switch, enter the global configuration mode. You can do this by typing the following command:

enable
configure terminal

The enable command gives you administrative privileges, and configure terminal takes you into the configuration mode where you can make changes to the switch settings.

Step 3: Define the RADIUS Server

Now, you need to tell the Mach104 switch about the RADIUS server. Use the following command:

radius - server host <IP_address> key <shared_secret>

Replace <IP_address> with the actual IP address of your RADIUS server and <shared_secret> with a pre - shared secret. This secret is a password that both the switch and the RADIUS server use to authenticate each other's messages. For example:

radius - server host 192.168.1.100 key mysecretpassword

Step 4: Configure RADIUS Authentication

Next, you'll configure the switch to use RADIUS for authentication. You can do this for different types of access, such as console, Telnet, SSH, etc.

Console Authentication

To use RADIUS for console authentication, use the following command:

line console 0
login authentication radius

This tells the switch to use RADIUS authentication when a user tries to log in through the console port.

Telnet and SSH Authentication

For Telnet and SSH, you need to configure the virtual terminal lines. Use the following commands:

line vty 0 15
login authentication radius

Here, vty 0 15 represents the virtual terminal lines from 0 to 15, which are used for Telnet and SSH connections.

Step 5: Set the Authentication Order

You can also set the order in which the switch tries different authentication methods. For example, if you want the switch to first try RADIUS and then local authentication if RADIUS fails, use the following command:

aaa authentication login default group radius local

The aaa authentication login default sets the default authentication method for all logins. group radius tells the switch to try RADIUS first, and local means it will fall back to local authentication if RADIUS fails.

Step 6: Save the Configuration

After you've made all the necessary changes, don't forget to save the configuration so that it persists after a reboot. Use the following command:

write memory

Troubleshooting

If you encounter issues with RADIUS authentication, here are some things to check:

hirschmann ms20Hirschmann MS20-1600SAAEHH

  • Network Connectivity: Make sure the switch can reach the RADIUS server on the correct ports. You can use tools like ping and traceroute to test connectivity.
  • Shared Secret: Double - check that the shared secret on the switch and the RADIUS server matches. A mismatch will cause authentication failures.
  • RADIUS Server Logs: Check the logs on the RADIUS server. It can provide detailed information about authentication attempts, including why they failed.

Related Hirschmann Products

If you're interested in other Hirschmann products, we also supply some great devices like the Hirschmann MACH102 - 24TP - F, Hirschmann MAR1040 - 4C4C4C4C9999SMMHPHH, and Hirschmann MS20 - 1600SAAEHH. These devices also offer advanced networking features and can be integrated into your existing network infrastructure.

Conclusion

Configuring a RADIUS server for authentication on Mach104 Hirschmann switches is a great way to enhance network security. By following the steps outlined in this blog post, you should be able to set it up without too much hassle. If you have any questions or need further assistance, don't hesitate to reach out. We're here to help you with all your Hirschmann product needs. Whether you're looking to expand your network, improve security, or just need some technical advice, we're your go - to supplier. Contact us to start a procurement discussion and take your network to the next level.

References

  • Hirschmann Network Switches User Manual
  • FreeRADIUS Documentation
  • Windows Server NPS Documentation