
Configure the RADIUS Scheme

To configure the RADIUS scheme, you need to configure the key parameters of the server.

Configuration Condition

None

Configure the RADIUS Server

When AAA needs to use the RADIUS method for authentication, authorization and accounting, it is necessary to configure RADIUS server parameters, including server IP address, authentication/authorization port, accounting port and shared key information.

Before adding a RADIUS server, configure the RADIUS server group. Reference the server group name when configuring the method list, so that the RADIUS server group can be used for user authentication, authorization and accounting.

Table 11-13 Configure the RADIUS server

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode | configure terminal | - |
| Configure the RADIUS server group name (this command also enters the RADIUS server group configuration mode) | aaa server group radius group-name | Mandatory. By default, no RADIUS server group name is configured. |
| Configure the RADIUS server | server { ip-address \| ipv6 ip-address } [ acc-port acc-port-num ] [ auth-port auth-port-num ] [ priority priority ] { key [ 0 \| 7 ] key } | Mandatory. By default, no RADIUS server is configured. |
| Configure the RADIUS dead time | dead-time dead-time | Optional. By default, the dead time of the RADIUS server is 0, meaning that servers are not marked as dead. |
| Configure the maximum number of RADIUS retransmissions | retransmit retries | Optional. By default, the maximum number of retransmissions to the RADIUS server is three. |
| Configure the response timeout of the RADIUS server | timeout timeout | Optional. By default, the timeout for waiting for a RADIUS server response is 5s. |
| Configure not checking the TAG when parsing the tunnel attribute delivered by the RADIUS server | tunnel without-tag | Optional. By default, the TAG is required when parsing the tunnel attribute delivered by the RADIUS server. |
| Configure the VRF of the RADIUS server group | ip vrf forwarding vrf-name | Optional. By default, the RADIUS server group belongs to the global VRF. |

Note


  • Devices select the order in which RADIUS servers are used according to the configured priority value.
  • Dead time means that the device marks the RADIUS servers that do not respond to authentication requests as unavailable and no requests are sent to these servers during dead-time.
  • The shared keys configured on the device and on the RADIUS server must be consistent.

Configure the RADIUS Attributes

Table 11-14 Configure the RADIUS attributes

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode | configure terminal | - |
| Configure the attribute service-type value in the RADIUS packet of the login authentication | radius login service-type attr-value | Optional. By default, the service-type value in the RADIUS packet is 7. |
| Configure the maximum concurrent packets of the NAS device and the RADIUS server | radius control-speed pck-num | Optional. By default, the maximum concurrent packets of the NAS device and the RADIUS server is 100. |

Configure the Source Address of Sending the RADIUS Packet

Table 11-15 Configure the source address of sending the RADIUS packet

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode | configure terminal | - |
| Configure the interface selected by the RADIUS source address | ip radius source-interface interface-name [ vrf vrf-name ] | Optional. By default, the device automatically selects the source interface. |

Configure the accounting-on Function of RADIUS

The accounting-on function is mainly used to designate all online users on the RADIUS server when the AAA process is started for the first time. By default, the accounting-on function is disabled. When it is enabled, the default retransmit interval is 6 seconds and the maximum number of retransmissions is 50. Because the service cards of high-end devices start up slowly, it is recommended to set the retransmit count and the interval no lower than the default values as far as possible.

Table 11-16 Configure the accounting-on function of RADIUS

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode | configure terminal | - |
| Enter the RADIUS server group mode | aaa server group radius group-name | - |
| Configure the accounting-on function of RADIUS | accounting-on enable [interval seconds \| send send-times] | Optional. By default, the accounting-on function is disabled. |