This object provides an option for configuring users on a remote RADIUS server and authenticating login attempts with that RADIUS server. The authenticating user should be part of the Administrator group.

For configuration details, see Configuring SBC for RADIUS Authentication best practice.

 

Command Syntax

The CLI syntax to configure RADIUS-based authentication is shown below.

% set oam radiusAuthentication 
	radiusServer <server name>
		mgmtInterfaceGroup <string>
		priority <#>
		radiusNasIp <x.x.x.x>
		radiusServerIp <x.x.x.x>
		radiusServerPort <#>
		radiusSharedSecret <8-128>
		state <disabled | enabled>
	retryCriteria
		oosDuration <# minutes>
		retryCount <#>
		retryTimer <# milliseconds>

 

Command Parameters

Radius Authentication Parameters

Parameter – Description
radiusServer 

 Use this object to configure each RADIUS server for the specified Management Interface Group.

  • <name>* – RADIUS server name (up to 23 characters).
  • mgmtInterfaceGroup – Name of the Management Interface Group to connect to this RADIUS server.
  • priority* – When configuring multiple RADIUS servers, use this attribute to specify the order to attempt RADIUS authentication. The RADIUS server with the lowest priority is contacted first.
  • radiusNasIp (default = 0.0.0.0) – IPv4 address of the SBC to send in ACCESS_REQUEST.
  • radiusServerIp – IPv4 address of the RADIUS server.
  • radiusServerPort – The RADIUS server port to which the SBC sends the request. (range: 1-65535)
  • radiusSharedSecret – The shared secret used to encrypt the data exchanged between the SBC and the RADIUS server. (range: 8-128 characters)
  • state – Operational state of the RADIUS server.
    • disabled (default)
    • enabled

IPv6 configuration for RADIUS server is not supported at this time.

In an SBC HA configuration, four management IP addresses must be listed on the RADIUS server:

  • mgt0 and mgt1 IP addresses of the Active CE
  • mgt0 and mgt1 IP addresses of the Standby CE

* Required parameter.

retryCriteria

Use this parameter to configure the SBC's authentication retry criteria before timing out, as well as the RADIUS server out-of-service setting.

  • oosDuration – Time in minutes the RADIUS server remains out of service after a timeout.
  • retryCount – Number of retries the SBC uses to attempt authentication. (range: 1-3 / default = 3)
  • retryTimer – Time in milliseconds before the SBC attempts another authentication request. (range: 500-3000 / default = 1000)

Command Example

The following example configures the SBC to communicate with the external RADIUS server for user authentication:

Configuration Examples
% set oam radiusAuthentication radiusServer s1
% set oam radiusAuthentication radiusServer s1 priority 1
% set oam radiusAuthentication radiusServer s1 mgmtInterfaceGroup mgmt0
% set oam radiusAuthentication radiusServer s1 radiusServerIp 10.54.90.107
% set oam radiusAuthentication radiusServer s1 radiusServerPort 1812
% set oam radiusAuthentication radiusServer s1 radiusSharedSecret sonus123
% set oam radiusAuthentication radiusServer s1 state enabled

% set oam radiusAuthentication retryCriteria oosDuration 120
% set oam radiusAuthentication retryCriteria retryCount 2
% set oam radiusAuthentication retryCriteria retryTimer 2000

The radiusSharedSecret value is displayed in encrypted form in 'show' command output.

The following example enables external RADIUS authentication:

% set system admin TXSBC01a externalAuthenticationEnabled true
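
The following Python helper is an added example, not part of the SBC documentation or its tooling. It checks candidate values against the ranges documented in the parameter table above, generates a random radiusSharedSecret, and returns the corresponding 'set' lines. The function names, the alphanumeric secret alphabet, the 32-character default length and the 1-character minimum name length are assumptions made for illustration.

```python
import ipaddress
import secrets
import string

# Ranges below are the ones documented in the parameter table on this page.
def new_shared_secret(length=32):
    """Return a random alphanumeric secret (alphabet choice is an assumption,
    made to avoid CLI quoting issues); length must be 8-128."""
    if not 8 <= length <= 128:
        raise ValueError("radiusSharedSecret must be 8-128 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def _check(label, value, low, high):
    if not low <= value <= high:
        raise ValueError(f"{label} must be in range {low}-{high}, got {value}")

def radius_commands(name, server_ip, secret, mgmt_group, priority=1,
                    port=1812, nas_ip=None, retry_count=3, retry_timer=1000):
    """Validate the inputs and return the 'set' lines (CLI prompt omitted)."""
    _check("radiusServer name length", len(name), 1, 23)
    _check("radiusSharedSecret length", len(secret), 8, 128)
    _check("radiusServerPort", port, 1, 65535)
    _check("retryCount", retry_count, 1, 3)
    _check("retryTimer", retry_timer, 500, 3000)
    for label, ip in (("radiusServerIp", server_ip), ("radiusNasIp", nas_ip)):
        # ip_address() itself raises ValueError on malformed input.
        if ip is not None and ipaddress.ip_address(ip).version != 4:
            raise ValueError(f"{label} must be IPv4; IPv6 is not supported")
    server = f"set oam radiusAuthentication radiusServer {name}"
    retry = "set oam radiusAuthentication retryCriteria"
    cmds = [
        f"{server} priority {priority}",
        f"{server} mgmtInterfaceGroup {mgmt_group}",
        f"{server} radiusServerIp {server_ip}",
        f"{server} radiusServerPort {port}",
        f"{server} radiusSharedSecret {secret}",
    ]
    if nas_ip is not None:
        cmds.append(f"{server} radiusNasIp {nas_ip}")
    cmds += [f"{server} state enabled",
             f"{retry} retryCount {retry_count}",
             f"{retry} retryTimer {retry_timer}"]
    return cmds

if __name__ == "__main__":
    # Constructed sample run; server IP and group name reuse the page's example.
    for line in radius_commands("s1", "10.54.90.107", new_shared_secret(),
                                "mgmt0", retry_count=2, retry_timer=2000):
        print(line)
```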