Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

In this section:

Table of Contents
maxLevel4



 

This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.

Info
titleInfo

For configuration details, refer to Configuring SBC for RADIUS Authentication.

Include Page
Radius_auth_users
Radius_auth_users

 


The CLI syntax to configure RADIUS-based authentication is provided below.

Radius Server

 Use this object to configure each RADIUS server for the specified Management Interface Group.

Command Syntax

Code Block
languagenone
% set oam radiusAuthentication radiusServer <serverName> 
    authenticationMethod <pap | peapmschapv2> 
	mgmtInterfaceGroup <string>
	priority <#>
	radiusNasIp <x.x.x.x>
	radiusServerIp <x.x.x.x>
	radiusServerPort <#>
	radiusSharedSecret <8-128>
	state <disabled | enabled>

Command Parameters

Caption
0Table
1Radius Server Parameters
3Radius Server Parameters


 
ParameterLength/RangeDescription
<name> 1-23 charactersRADIUS server name.M

authenticationMethod


N/A

The type of authentication to use.

  •  pap – Password Authentication Protocol. The password is sent in the radius request encoded with the shared secret.
  • peapmschapV2 – Protected EAP/ Microsoft Challenge Handshake Authentication Protocol. The password is sent via the Extensible Authentication Protocol over TLS and authenticated via the Microsoft Challenge Handshake Authentication Protocol.
 
mgmtInterfaceGroupN/AName of the Management Interface Group to connect to this RADIUS server. O
priority1-8When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first.M
radiusNasIpIPv4 formatIPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0) 
radiusServerIpIPv4 formatIPv4 address of the RADIUS server. 
radiusServerPort1-65535The RADIUS server port to which the SBC sends the request. 
radiusSharedSecret8-128 characters

The shared secret used to encrypt the data exchanged between SBC and RADIUS server.

 


stateN/A 

Operational state of the RADIUS server

    • disabled (default)
    • enabled
 



Note
iconfalse
titleNote

In a SBC HA configuration, four management IP addresses must be listed on the RADIUS server:

  • mgt0 and mgt1 IP addresses of the Active CE
  • mgt0 and mgt1 IP addresses of and Standby CE


Note
iconfalse
titleNote

IPv6 configuration for RADIUS server is not supported at this time.


Note
iconfalse
titleNote

The radiusSharedSecret results in the 'show' command are encrypted.

Retry Criteria

Use this parameter to configure the authentication retry criteria before the SBC times out as well as the RADIUS server out-of-service setting.

Command Syntax

Code Block
languagenone
% set oam radiusAuthentication retryCriteria
	oosDuration <# minutes>
	retryCount <#>
	retryTimer <# milliseconds>

Command Parameters


Caption
0Table
1Retry Criteria Parameters
3Retry Criteria Parameters


ParameterLength/RangeDescription
oosDuration0-300

Time in minutes the RADIUS server remains out of service after a timeout.

retryCount1-3

Number of retries the SBC uses to attempt authentication. (Default = 3)

retryTimer

500-
3000
45000

Time in milliseconds before the SBC attempts another authentication request. (Default = 1000)



Command Examples

The following example configures 

Spacevars
0product
to communicate with the external RADIUS server for user authentication:

Code Block
languagenone
titleConfiguration Examples
set oam radiusAuthentication radiusServer s1 priority 1
set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
set oam radiusAuthentication radiusServer s1 state enabled
#
set oam radiusAuthentication retryCriteria oosDuration 120
set oam radiusAuthentication retryCriteria retryCount 2
set oam radiusAuthentication retryCriteria retryTimer 2000
#
show oam radiusAuthentication
radiusServer s1 {
    priority           1;
    state              enabled;
    radiusServerIp     10.54.90.107;
    radiusServerPort   1812;
    radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
    mgmtInterfaceGroup mgmt0;
}
retryCriteria {
    retryTimer  2000;
    retryCount  2;
    oosDuration 120;
}


Note
iconfalse
titleNote

The radiusSharedSecret results in the 'show' command are encrypted.

The following example enables external RADIUS authentication:

Code Block
languagenone
% set system admin TXSBC01a externalAuthenticationEnabled true

Pagebreak