Use the Radius Server window to configure up to three RADIUS servers per SBC to which the SBC submits requests to authenticate SBC users. When more than one RADIUS server is configured and RADIUS authentication is attempted, the server configured with the lowest numeric priority value is tried first. If fallback is configured, the server with the next lowest numeric priority value is tried next. The SBC allows a configurable number of retries and a configurable time-out before each retry.


Info

Each SBC user is provided a private home directory for SFTP and files used by the CLI (refer to the "Unique Home Directories" section on the page Managing SBC Core Users and Accounts). When using RADIUS authentication, users are known only to the RADIUS server and therefore do not have private home directories on the SBC. To create these home directories, you must also create the RADIUS users on the SBC (refer to Local Authentication - CLI).

To View the List of RADIUS Servers

On the SBC main screen, choose a path to view the Radius Server window.

  • Administration > Users and Application Management > Radius Authentication > Radius Server
  • Administration > Accounting and Logs > Radius Authentication > Radius Server


To Create a RADIUS Server

Note

You can configure up to three RADIUS servers per SBC. The New Radius Server option is not available once three servers are configured.

To create a new RADIUS server configuration:

  1. Click New Radius Server. The Create New Radius Server window is displayed.
  2. Use the following table to configure the RADIUS server, and then click Save.

RADIUS Server Parameters

| Parameter | Length/Range | Description |
|---|---|---|
| Server Name | Up to 23 characters | The name for the RADIUS server. |
| Priority | 1-8 | When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest numeric priority value is contacted first. |
| State | N/A | Operational state of the RADIUS server. Options are: Disabled (default), Enabled. |
| Radius Server IP | IPv4 or IPv6 address format | The IPv4 or IPv6 address of the RADIUS server. The default value is 0.0.0.0. |
| Radius Server Port | 1-65535 | The RADIUS server port to which the SBC sends requests. The default value is 1812. |
| Radius Nas IP | IPv4 address format | The IPv4 address of the SBC to send in the ACCESS_REQUEST message. The default value is 0.0.0.0. |
| Radius Shared Secret | 6-128 characters | The shared secret used to encrypt the data exchanged between the SBC and the RADIUS server. |
| Mgmt Interface Group | N/A | The Management Interface Group to use to connect to the RADIUS server. Note: In an SBC HA configuration, four management IP addresses must be listed: the mgt0 and mgt1 IP addresses of the Active CE, and the mgt0 and mgt1 IP addresses of the Standby CE. |
| Authentication Method | N/A | The type of authentication to use. Pap – Password Authentication Protocol. The password is sent in the RADIUS request, encoded with the shared secret. (default) PeapmschapV2 – Protected EAP/Microsoft Challenge Handshake Authentication Protocol. The password is sent using the Extensible Authentication Protocol over TLS and authenticated using the Microsoft Challenge Handshake Authentication Protocol. |
| Vsa Vendor Type | 0-255 | Enter "none" to allow all VSA vendor-types, or a number between 0-255 to only return the group name in a VSA with that vendor-type. |

To Copy a RADIUS Server

Note

You can configure up to three RADIUS servers per SBC. Consequently, the Copy Radius Server option is disabled once three servers are configured.

To copy the configuration of an existing RADIUS server and modify it to create a new configuration: 

  1. Click the radio button adjacent to its name.
  2. Click Copy Radius Server. The Copy Radius Server window opens showing the values of the configuration you are copying. 
  3. Make changes to the fields as needed and click Save.

To Delete a RADIUS Server

To delete a RADIUS server configuration:

  1. Click the radio button adjacent to the name of the RADIUS server configuration to delete.
  2. Click the Delete icon (X) at the right end of the row.
  3. Confirm the deletion when prompted.