This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.
For configuration details, refer to Configuring SBC for RADIUS Authentication.
The CLI syntax to configure RADIUS-based authentication is provided below.
Use this object to configure each RADIUS server for the specified Management Interface Group.
```
% set oam radiusAuthentication radiusServer <serverName>
    authenticationMethod <pap | peapmschapv2>
    mgmtInterfaceGroup <string>
    priority <#>
    radiusNasIp <x.x.x.x>
    radiusServerIp <x.x.x.x>
    radiusServerPort <#>
    radiusSharedSecret <6-128 characters>
    state <disabled | enabled>
    vsaVendorType <none | 0-255>
```
Radius Server Parameters
Parameter | Length/Range | Description |
---|---|---|
<name> | 1-23 characters | RADIUS server name. |
authenticationMethod | N/A | The type of authentication to use. |
mgmtInterfaceGroup | N/A | Name of the Management Interface Group to connect to this RADIUS server. |
priority | 1-8 | When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first. |
radiusNasIp | IPv4 format | IPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0) |
radiusServerIp | IPv4/IPv6 format | IPv4 or IPv6 address of the RADIUS server. (default = 0.0.0.0) |
radiusServerPort | 1-65535 | The RADIUS server port to which the SBC sends the request. |
radiusSharedSecret | 6-128 characters | The shared secret used to encrypt the data exchanged between SBC and RADIUS server. |
state | N/A | Operational state of the RADIUS server. |
vsaVendorType | none or 0-255 | Enter "none" to allow all VSA vendor-types, or a number between 0-255 to only return the group name in a VSA with that vendor-type. |
Note: In an SBC HA configuration, four management IP addresses must be listed on the RADIUS server:
Note: IPv6 configuration for RADIUS server is not supported at this time.
Note: The
Use this parameter to configure the authentication retry criteria before the SBC times out as well as the RADIUS server out-of-service setting.
```
% set oam radiusAuthentication retryCriteria oosDuration <# minutes> retryCount <#> retryTimer <# milliseconds>
```
Retry Criteria Parameters
Parameter | Length/Range | Description |
---|---|---|
oosDuration | 0-300 | Time in minutes the RADIUS server remains out of service after a timeout. |
retryCount | 1-3 | Number of retries the SBC uses to attempt authentication. (Default = 3) |
retryTimer | 500-45000 | Time in milliseconds before the SBC attempts another authentication request. (Default = 1000) |
The following example configures
```
set oam radiusAuthentication radiusServer s1 priority 1
set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
set oam radiusAuthentication radiusServer s1 state enabled
set oam radiusAuthentication radiusServer s1 vsaVendorType 1
#
set oam radiusAuthentication retryCriteria oosDuration 120
set oam radiusAuthentication retryCriteria retryCount 2
set oam radiusAuthentication retryCriteria retryTimer 2000
# show oam radiusAuthentication
radiusServer s1 {
    priority           1;
    state              enabled;
    radiusServerIp     10.54.90.107;
    radiusServerPort   1812;
    radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
    mgmtInterfaceGroup mgmt0;
    vsaVendorType      1;
}
retryCriteria {
    retryTimer  2000;
    retryCount  2;
    oosDuration 120;
}
```
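A pre-deployment check for commands like those above, as an added example (not part of the original page or the vendor's tooling): it parses `set oam radiusAuthentication` lines and flags values outside the ranges given in the two parameter tables. It assumes several parameters may follow one `set` command, as in the syntax line, and that values contain no spaces; `lint`, `check_value` and `SAMPLE` are names made up here.

```python
import ipaddress
import re

# Limits copied from the two parameter tables on this page.
INT_RANGES = {"priority": (1, 8), "radiusServerPort": (1, 65535), "vsaVendorType": (0, 255),
              "oosDuration": (0, 300), "retryCount": (1, 3), "retryTimer": (500, 45000)}
ENUMS = {"authenticationMethod": {"pap", "peapmschapv2"}, "state": {"disabled", "enabled"}}
CMD = re.compile(r"^\s*(?:%\s*)?set oam radiusAuthentication "
                 r"(?:radiusServer \S+|retryCriteria) (.+)$")

# Constructed sample: lines 2, 3 and 4 each break one documented limit.
SAMPLE = """\
set oam radiusAuthentication radiusServer s1 priority 1 radiusServerIp 10.54.90.107
set oam radiusAuthentication radiusServer s1 radiusServerPort 70000 state enabled
set oam radiusAuthentication radiusServer s1 radiusSharedSecret abc12 vsaVendorType none
set oam radiusAuthentication retryCriteria oosDuration 120 retryCount 5 retryTimer 2000
"""


def check_value(key, value):
    """Return an error string for one parameter/value pair, or None if it is valid."""
    if key in INT_RANGES and not (key == "vsaVendorType" and value == "none"):
        lo, hi = INT_RANGES[key]
        if not (value.isdecimal() and lo <= int(value) <= hi):
            return f"{key} must be {lo}-{hi}, got {value!r}"
    elif key in ENUMS and value not in ENUMS[key]:
        return f"{key} must be one of {sorted(ENUMS[key])}, got {value!r}"
    elif key == "radiusSharedSecret" and not 6 <= len(value) <= 128:
        return f"{key} must be 6-128 characters, got {len(value)}"
    elif key in ("radiusNasIp", "radiusServerIp"):
        try:  # radiusNasIp is IPv4 only; radiusServerIp is listed as IPv4/IPv6
            (ipaddress.IPv4Address if key == "radiusNasIp" else ipaddress.ip_address)(value)
        except ValueError:
            return f"{key} is not a valid address: {value!r}"
    return None


def lint(config_text):
    """Check each 'set oam radiusAuthentication' line; return (line_number, error) pairs."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = CMD.match(line)
        if not m:
            continue  # some other command
        tokens = m[1].split()
        if len(tokens) % 2:
            findings.append((n, f"{tokens[-1]} has no value"))
        findings += [(n, e) for k, v in zip(tokens[0::2], tokens[1::2]) if (e := check_value(k, v))]
    return findings
```

Calling `lint(SAMPLE)` returns one finding each for lines 2, 3 and 4; an empty list means every value is inside its documented range.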
Note: The
The following example enables external RADIUS authentication:
```
% set system admin TXSBC01a externalAuthenticationEnabled true
```