In this section:

Use the Radius Server window to configure up to three RADIUS servers, per SBC, to which you want to submit requests to authenticate SBC users. When more than one RADIUS server is configured and RADIUS authentication is attempted, the server configured with the lowest numeric priority value is tried first. If fallback is configured, the server with the next lowest numeric priority value is tried next. SBC allows a configurable number of retries and time-outs before retry.


Info

Each SBC user is provided a private home directory for SFTP and files used by the CLI (refer to "Unique Home Directories" section on the page Managing SBC Core Users and Accounts). When using Radius authentication, users are only known to the Radius server and therefore do not have private home directories on the SBC. To create these home directories, you must also create Radius users on the SBC (refer to Local Authentication - CLI).

To View the List of RADIUS Servers

On the SBC main screen, go to Administration > Users and Application Management > Radius Authentication> Radius Server to open the Radius Server window is displayed.

To Create a RADIUS Server

Note

You can configure up to three RADIUS servers per SBC. The New Radius Server option is not available once three servers are configured.

To create a new RADIUS server configuration:

  1.  Click New Radius Server. The Create New Radius Server window is displayed.

  2. Use the following table to specify configuration for a RADIUS server, then click Save.

RADIUS Server Parameters

ParameterDescription
Server NameThe name for the RADIUS server (up to 23 characters).
Priority When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest numeric priority value is contacted first.
StateOperational state of the RADIUS server. Options are
  • Disabled (default)
  • Enabled
Radius Server IP

The IPv4 or IPv6 address of the RADIUS server. The default value is 0.0.0.0.

Radius Server PortThe RADIUS server port to which the SBC sends requests. Range: 1-65535. The default value is 1812.
Radius Nas IPThe IPv4 address of the SBC to send in the ACCESS_REQUEST message. The default value is 0.0.0.0.
Radius Shared SecretThe shared secret used to encrypt the data exchanged between the SBC and the RADIUS server. Range: 6-128 characters.
Mgmt Interface Group

The Management Interface Group to use to connect to the RADIUS server.

Note

In an SBC HA configuration, four management IP addresses must be listed:

  • mgt0 and mgt1 IP addresses of the Active CE
  • mgt0 and mgt1 IP addresses of and Standby CE
Authentication MethodThe type of authentication to use.
  • Pap – Password Authentication Protocol. The password is sent in the RADIUS request, encoded with the shared secret. (default)
  • PeapmschapV2 – Protected EAP/ Microsoft Challenge Handshake Authentication Protocol. The password is sent using the Extensible Authentication Protocol over TLS and authenticated using the Microsoft Challenge Handshake Authentication Protocol.
Vsa Vendor Type

Enter "none" to allow all VSA vendor-types, or a number between 0-225 to only return the group name in a VSA with that vendor-type.

To Copy a RADIUS Server

Note

You can configure up to three RADIUS servers per SBC. The Copy Radius Server option is not available once three servers are configured.

To copy the configuration of an existing RADIUS server and modify it to create a new configuration: 

  1. Click the radio button adjacent to its name.
  2. Click Copy Radius Server. The Copy Radius Server window opens showing the values of the configuration you are copying. 
  3. Make changes to the fields as needed and click Save.

To Delete a RADIUS Server

To delete a RADIUS server configuration:

  1. Click the radio button adjacent to the name of the RADIUS server configuration you want to delete.
  2. Click the Delete icon (X) at the right end of the row.
  3. Confirm the deletion when prompted.


  • No labels