Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added authenticationMethod migrated from 6.2.2
Panel

In this section:

Table of Contents
maxLevel4

 

...

borderColorgreen
bgColortransparent
borderWidth2

Back to Table of Contents

Back to CLI Configure Mode

...

This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.

Info
titleInfo

For configuration details,

...

...

.

Include Page
Radius_auth_users
Radius_auth_users

 

Command Syntax

The CLI syntax to configure RADIUS-based authentication is

...

provided below.

Radius Server

 Use this object to configure each RADIUS server for the specified Management Interface Group.

Command Syntax

Code Block
languagenone
% set oam radiusAuthentication 

...

radiusServer <serverName> 
    authenticationMethod <pap | peapmschapv2> 
	mgmtInterfaceGroup <string>
	

...

priority <#>
	

...

radiusNasIp <x.x.x.x>
	

...

radiusServerIp <x.x.x.x>

...

	radiusServerPort <#>

...

	radiusSharedSecret <8-128>
	

...

state <disabled | enabled>

...

 

Command Parameters

Caption
0Table
1Radius

...

Server Parameters
3Radius

...

Server Parameters
ParameterLength/RangeDescription 

...

<name> 

...

 Use this object to configure each RADIUS server for the specified Management Interface Group.

...

1-23 charactersRADIUS server name.M

authenticationMethod


N/A

The type of authentication to use.

  •  pap – Password Authentication Protocol. The password is sent in the radius request encoded with the shared secret.
  • peapmschapV2 – Protected EAP/ Microsoft Challenge Handshake Authentication Protocol. The password is sent via the Extensible Authentication Protocol over TLS and authenticated via the Microsoft Challenge Handshake Authentication Protocol.
 
mgmtInterfaceGroupN/A
Name of the Management Interface Group to connect to this RADIUS server. O
priority

...

1-8When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first.

...

M
radiusNasIpIPv4 formatIPv4 address of the SBC to send in ACCESS_REQUEST. (default = 0.0.0.0)

...

 
radiusServerIpIPv4 formatIPv4 address of the RADIUS server. 
radiusServerPort

...

1-65535The RADIUS server port to which the SBC sends the request.

...

 
radiusSharedSecret8-128 characters

The shared secret used to encrypt the data exchanged between SBC and RADIUS server.

...

 
stateN/A 

Operational state of the RADIUS server

...

    • disabled (default)
    • enabled
 
Note

...

iconfalse
titleNote

...

IPv6 configuration for RADIUS server is not supported at this time.

...

In a SBC HA configuration, four management IP addresses must be listed on the RADIUS server:

  • mgt0 and mgt1 IP addresses of the Active CE
  • mgt0 and mgt1 IP addresses of and Standby CE

...

Note
iconfalse
titleNote

IPv6 configuration for RADIUS server is not supported at this time.

Note
iconfalse

...

* Required parameter.

titleNote

The radiusSharedSecret results in the 'show' command are encrypted.

Retry Criteria

...

Use this parameter to configure

...

the authentication retry criteria before

...

the SBC times out

...

as well as the RADIUS server out-of-service setting.

...

Command Syntax

Code Block
languagenone
% set oam radiusAuthentication retryCriteria
	oosDuration <# minutes>
	retryCount <#>
	retryTimer <# milliseconds>

Command Parameters

Caption
0Table
1Retry Criteria Parameters
3Retry Criteria Parameters
ParameterLength/RangeDescription
oosDuration0-300

Time in minutes the RADIUS server remains out of service after a timeout.

retryCount

...

1-3

Number of retries the SBC uses to attempt authentication. (

...

Default = 3)

retryTimer

...

500-3000

Time in milliseconds before the SBC attempts another authentication request. (

...

Default = 1000)

Command

...

Examples

The following example configures 

Spacevars
0product
to communicate with the external RADIUS server for user authentication:

Code Block
languagenone
titleConfiguration Examples

...

set oam radiusAuthentication radiusServer s1 priority 1

...

set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0

...

set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107

...

set oam radiusAuthentication radiusServer s1 radiusServerPort 1812

...

set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123

...

set oam radiusAuthentication radiusServer s1 state enabled
#

...

set oam radiusAuthentication retryCriteria oosDuration 120

...

set oam radiusAuthentication retryCriteria retryCount 2

...

set oam radiusAuthentication retryCriteria retryTimer 2000
#
show oam radiusAuthentication
radiusServer s1 {
    priority           1;
    state              enabled;
    radiusServerIp     10.54.90.107;
    radiusServerPort   1812;
    radiusSharedSecret $3$kAIoEV80OzbOGjefHnQH13BbycnbgbBM;
    mgmtInterfaceGroup mgmt0;
}
retryCriteria {
    retryTimer  2000;
    retryCount  2;
    oosDuration 120;
}
Note
iconfalse
titleNote

The radiusSharedSecret results in the 'show' command

...

are encrypted.

The following example enables external RADIUS authentication:

Code Block
languagenone
% set system admin TXSBC01a externalAuthenticationEnabled true

Pagebreak