...
borderColor | green |
---|
bgColor | transparent |
---|
borderWidth | 2 |
---|
Back to Table of Contents
Back to CLI Configure Mode
...
This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.
Info |
---|
|
For configuration details, |
...
...
Include Page |
---|
| Radius_auth_users |
---|
| Radius_auth_users |
---|
|
Command Syntax
The CLI syntax to configure RADIUS-based authentication is
...
provided below.
Radius Server
Use this object to configure each RADIUS server for the specified Management Interface Group.
Command Syntax
Code Block |
---|
|
% set oam radiusAuthentication |
...
radiusServer <serverName>
authenticationMethod <pap | peapmschapv2>
mgmtInterfaceGroup <string>
|
...
...
...
...
...
radiusSharedSecret <8-128>
|
...
state <disabled | enabled> |
...
...
...
|
Parameter | Length/Range | Description | |
---|
|
...
...
Use this object to configure each RADIUS server for the specified Management Interface Group.
...
| 1-23 characters | RADIUS server name. | M | authenticationMethod
| N/A | The type of authentication to use. -
pap – Password Authentication Protocol. The password is sent in the radius request encoded with the shared secret. peapmschapV2 – Protected EAP/ Microsoft Challenge Handshake Authentication Protocol. The password is sent via the Extensible Authentication Protocol over TLS and authenticated via the Microsoft Challenge Handshake Authentication Protocol.
| | mgmtInterfaceGroup | N/A |
|
Name of the Management Interface Group to connect to this RADIUS server. | O | priority |
|
...
| 1-8 | When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first. |
|
...
| M | radiusNasIp | IPv4 format | IPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0) |
|
...
| radiusServerIp | IPv4 format | IPv4 address of the RADIUS server. | | radiusServerPort |
|
...
| 1-65535 | The RADIUS server port to which the SBC sends the request. |
|
...
| | radiusSharedSecret | 8-128 characters | The shared secret used to encrypt the data exchanged between SBC and RADIUS server. |
|
...
Operational state of the RADIUS server |
|
...
disabled (default)enabled
| |
|
...
...
IPv6 configuration for RADIUS server is not supported at this time.
...
|
In a SBC HA configuration, four management IP addresses must be listed on the RADIUS server: - mgt0 and mgt1 IP addresses of the Active CE
- mgt0 and mgt1 IP addresses of and Standby CE
|
...
Note |
---|
|
IPv6 configuration for RADIUS server is not supported at this time. |
...
* Required parameter.
|
The radiusSharedSecret results in the 'show' command are encrypted. |
Retry Criteria
...
Use this parameter to configure
...
the authentication retry criteria before
...
...
as well as the RADIUS server out-of-service setting.
...
Command Syntax
Code Block |
---|
|
% set oam radiusAuthentication retryCriteria
oosDuration <# minutes>
retryCount <#>
retryTimer <# milliseconds> |
Command Parameters
Caption |
---|
0 | Table |
---|
1 | Retry Criteria Parameters |
---|
3 | Retry Criteria Parameters |
---|
|
Parameter | Length/Range | Description |
---|
oosDuration | 0-300 | Time in minutes the RADIUS server remains out of service after a timeout. | retryCount |
|
...
| 1-3 | Number of retries the SBC uses to attempt authentication. ( |
|
...
...
| 500-3000 | Time in milliseconds before the SBC attempts another authentication request. ( |
|
...
...
Examples
The following example configures
to communicate with the external RADIUS server for user authentication: Code Block |
---|
language | none |
---|
title | Configuration Examples |
---|
|
...
set oam radiusAuthentication radiusServer s1 priority 1
|
...
set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
|
...
set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
|
...
set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
|
...
set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
|
...
set oam radiusAuthentication radiusServer s1 state enabled
#
|
...
set oam radiusAuthentication retryCriteria oosDuration 120
|
...
set oam radiusAuthentication retryCriteria retryCount 2
|
...
set oam radiusAuthentication retryCriteria retryTimer 2000
#
show oam radiusAuthentication
radiusServer s1 {
priority 1;
state enabled;
radiusServerIp 10.54.90.107;
radiusServerPort 1812;
radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
mgmtInterfaceGroup mgmt0;
}
retryCriteria {
retryTimer 2000;
retryCount 2;
oosDuration 120;
} |
Note |
---|
|
The radiusSharedSecret results in the 'show' command |
...
The following example enables external RADIUS authentication:
Code Block |
---|
|
% set system admin TXSBC01a externalAuthenticationEnabled true |