Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

As the RADIUS protocol is simple and scalable, it is the most widely used AAA protocol.

Configuring RADIUS 

Procedure

Step1         Enable RADIUS authentication and authorization.

    set system aaa radius authorization disable <true | false>

Step2         Configure IP address of RADIUS authentication and authorization server.

    set system aaa radius authorization server-ip <ipv4_address>

Step3         Configure port number of RADIUS authentication and authorization server.

    set system aaa radius authorization server-ip <ipv4_address> port <integer>

    By default, the port number of RADIUS authentication and authorization server is 1812. The value of port number should be the same with that on the RADIUS servers.  

Step4         Configure RADIUS authentication and authorization shared key.

    set system aaa radius authorization server-ip <ipv4_address> shared-key <string>

    The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.

Step5         Configure RADIUS authentication and authorization connection timeout.

    set system aaa radius authorization server-ip <ipv4_address> timeout <integer>

    By default, the value of RADIUS authentication and authorization connection timeout is 5 seconds.

Step6         Enable RADIUS accounting function.

    set system aaa radius accounting disable <true | false>

Step7         Configure RADIUS accounting server IP.

    set system aaa radius accounting server-ip <ipv4_address>

Step8         Configure port number of RADIUS accounting server.

    set system aaa radius accounting server-ip <ipv4_address> port <integer>

    By default, the port number of RADIUS accounting server is 1813. The value of port number should be the same with that on the RADIUS servers.    

Step9         Configure RADIUS accounting shared key.

    set system aaa radius accounting server-ip <ipv4_address> shared-key <string>

Step10      Configure RADIUS accounting connection timeout.

   set system aaa radius accounting server-ip <ipv4_address> timeout <integer>

Step11      Commit the configurations.

   commit

 Configuration Example

Networking Requirements

As shown in Figure 1, PC1, PC2, and PC3 connect to the internet through the PICA8 Switch. Configure RADIUS function on PICA8 Switch to accomplish authentication, authorization, and accounting of PC1, PC2, and PC3 through RADIUS server1 and RADIUS server2.

Figure 1. RADIUS Networking Topology

Procedure

Step1         Enable RADIUS authentication and authorization.

admin@XorPlus# set system aaa radius authorization disable false

Step2         Configure IP address of RADIUS authentication and authorization server.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5

Step3         Configure port number of RADIUS authentication and authorization server.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 port 1800
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 port 1800

    By default, the port number of RADIUS authentication and authorization server is 1812.

Step4         Configure RADIUS authentication and authorization shared key.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 shared-key pica8
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 shared-key pica8

    The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.

Step5         Configure RADIUS authentication and authorization connection timeout.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 timeout 30
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 timeout 30

    By default, the value of RADIUS connection timeout is 5 seconds.

Step6         Enable RADIUS accounting.

admin@XorPlus# set system aaa radius accounting disable false

Step7         Configure IP address of RADIUS accounting server.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5

Step8         Configure port number of RADIUS accounting server.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 port 1801
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 port 1801

    By default, the port number of RADIUS accounting server is 1813.

Step9         Configure RADIUS accounting shared key.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 shared-key pica8
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 shared-key pica8

Step10      Configure RADIUS accounting connection timeout.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 timeout 30
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 timeout 30

Step11      Commit the configurations.

admin@XorPlus# commit

Check the Configuration

  •   You can use the show system aaa radius command to view the configuration information of RADIUS.
admin@XorPlus# show system aaa radius
radius {
        authorization {
            disable: false
            server-ip 10.10.51.4 {
                 timeout: 30
                port: 1800
            }
            server-ip 10.10.51.5 {
                timeout: 30
                port: 1800
            }
        }
        accounting {
            disable: false
            server-ip 10.10.51.4{
                timeout: 30
                port: 1801
            }
            server-ip 10.10.51.5 {
                timeout: 30
                port: 1801
            }
        }
  • No labels