This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.
The CLI syntax to configure RADIUS-based authentication is provided below.
Radius Server
Use this object to configure each RADIUS server for the specified Management Interface Group.
Command Syntax
```
% set oam radiusAuthentication radiusServer <serverName>
    authenticationMethod <pap | peapmschapV2>
    mgmtInterfaceGroup <string>
    priority <#>
    radiusNasIp <x.x.x.x>
    radiusServerIp <x.x.x.x>
    radiusServerPort <#>
    radiusSharedSecret <8-128>
    state <disabled | enabled>
```
Command Parameters

Radius Server Parameters

| Parameter | Length/Range | Description | M/O |
|---|---|---|---|
| radiusAuthentication | N/A | Use this object to configure RADIUS-based user authentication. | |
| <name> | 1-23 characters | RADIUS server name. | M |
| authenticationMethod | | The type of authentication to use. pap – Password Authentication Protocol. The password is sent in the RADIUS request encoded with the shared secret. peapmschapV2 – Protected EAP/Microsoft Challenge Handshake Authentication Protocol. The password is sent via the Extensible Authentication Protocol over TLS and authenticated via the Microsoft Challenge Handshake Authentication Protocol. | |
| mgmtInterfaceGroup | | Name of the Management Interface Group to connect to this RADIUS server. | O |
| priority | 1-8 | When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first. | M |
| radiusNasIp | IPv4 format | NAS IP address: IPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0) | |
| radiusServerIp | IPv4 format | IPv4 address of the RADIUS server. | |
| radiusServerPort | 1-65535 | The RADIUS server port to which the SBC sends the request. | |
| radiusSharedSecret | 8-128 characters | RADIUS server shared key. The shared secret used to encrypt the data exchanged between SBC and RADIUS server. | |
| state | N/A | Operational state of the RADIUS server: disabled (default), enabled. | |
Note: In an SBC HA configuration, four management IP addresses must be listed on the RADIUS server:
- mgt0 and mgt1 IP addresses of the Active CE
- mgt0 and mgt1 IP addresses of the Standby CE

Note: IPv6 configuration for RADIUS server is not supported at this time.

Note: The radiusSharedSecret results in the 'show' command are encrypted.
Retry Criteria
Use this parameter to configure the authentication retry criteria before the SBC times out as well as the RADIUS server out-of-service setting.
Command Syntax
```
% set oam radiusAuthentication retryCriteria
    oosDuration <# minutes>
    retryCount <#>
    retryTimer <# milliseconds>
```
Command Parameters

Retry Criteria Parameters

| Parameter | Length/Range | Description |
|---|---|---|
| oosDuration | 0-300 | Time in minutes the RADIUS server remains out of service after a timeout. |
| retryCount | 1-3 | Number of retries the SBC uses to attempt authentication. (Default = 3) |
| retryTimer | 500-45000 | Time in milliseconds before the SBC attempts another authentication request. (Default = 1000) |
Command Examples
The following example configures the SBC to communicate with the external RADIUS server for user authentication:

```
set oam radiusAuthentication radiusServer s1 priority 1
set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
set oam radiusAuthentication radiusServer s1 state enabled
#
set oam radiusAuthentication retryCriteria oosDuration 120
set oam radiusAuthentication retryCriteria retryCount 2
set oam radiusAuthentication retryCriteria retryTimer 2000
#
show oam radiusAuthentication
radiusServer s1 {
    priority           1;
    state              enabled;
    radiusServerIp     10.54.90.107;
    radiusServerPort   1812;
    radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
    mgmtInterfaceGroup mgmt0;
}
retryCriteria {
    retryTimer  2000;
    retryCount  2;
    oosDuration 120;
}
```
The following example enables external RADIUS authentication:
```
% set system admin TXSBC01a externalAuthenticationEnabled true
```