In this section:
This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.
Info
For configuration details, refer to Configuring SBC for RADIUS Authentication.
Info
Each SBC user is provided a private home directory for SFTP and files used by the CLI (refer to "Unique Home Directories" section on the page Managing SBC Core Users and Accounts). When using Radius authentication, users are only known to the Radius server and therefore do not have private home directories on the SBC. To create these home directories, you must also create Radius users on the SBC (refer to Local Authentication - CLI).
The CLI syntax to configure RADIUS-based authentication is provided below.
Radius Server
Use this object to configure each RADIUS server for the specified Management Interface Group.
Command Syntax
% set oam radiusAuthentication radiusServer <serverName>
authenticationMethod <pap | peapmschapv2>
mgmtInterfaceGroup <string>
priority <#>
radiusNasIp <x.x.x.x>
radiusServerIp <x.x.x.x>
radiusServerPort <#>
radiusSharedSecret <8-128>
state <disabled | enabled>
Command Parameters
Radius Server Parameters
| Parameter | Length/Range | Description | |
|---|---|---|---|
<name> | 1-23 characters | RADIUS server name. | M |
| N/A | The type of authentication to use.
| |
mgmtInterfaceGroup | N/A | Name of the Management Interface Group to connect to this RADIUS server. | O |
priority | 1-8 | When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first. | M |
radiusNasIp | IPv4 format | IPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0) | |
radiusServerIp | IPv4 format | IPv4 address of the RADIUS server. | |
radiusServerPort | 1-65535 | The RADIUS server port to which the SBC sends the request. | |
radiusSharedSecret | 8-128 characters | The shared secret used to encrypt the data exchanged between SBC and RADIUS server. | |
state | N/A | Operational state of the RADIUS server
|
Retry Criteria
Use this parameter to configure the authentication retry criteria before the SBC times out as well as the RADIUS server out-of-service setting.
Command Syntax
% set oam radiusAuthentication retryCriteria oosDuration <# minutes> retryCount <#> retryTimer <# milliseconds>
Command Parameters
Retry Criteria Parameters
| Parameter | Length/Range | Description |
|---|---|---|
oosDuration | 0-300 | Time in minutes the RADIUS server remains out of service after a timeout. |
retryCount | 1-3 | Number of retries the SBC uses to attempt authentication. (Default = 3) |
| 500-3000 | Time in milliseconds before the SBC attempts another authentication request. (Default = 1000) |
Command Examples
The following example configures SBC to communicate with the external RADIUS server for user authentication:
Configuration Examples
set oam radiusAuthentication radiusServer s1 priority 1
set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
set oam radiusAuthentication radiusServer s1 state enabled
#
set oam radiusAuthentication retryCriteria oosDuration 120
set oam radiusAuthentication retryCriteria retryCount 2
set oam radiusAuthentication retryCriteria retryTimer 2000
#
show oam radiusAuthentication
radiusServer s1 {
priority 1;
state enabled;
radiusServerIp 10.54.90.107;
radiusServerPort 1812;
radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
mgmtInterfaceGroup mgmt0;
}
retryCriteria {
retryTimer 2000;
retryCount 2;
oosDuration 120;
}
The following example enables external RADIUS authentication:
% set system admin TXSBC01a externalAuthenticationEnabled true
Overview
Content Tools