Filter
Top Products
Managing RADIUS
22-14 Managing Access Server Security
Optional Setup for RADIUS
You can use the commands in the following examples to configure additional security
parameters for RADIUS servers. The commands in these examples define a RADIUS
server accounting node, the maximum timeout period for RADIUS server reply, and
the interval between retries of an authentication request.
•
The following command defines a RADIUS server accounting node:
LOCAL> CHANGE RADIUS REALM JONAS.COM
ACCOUNTING HOST
ip-addr
•
This command defines the maximum timeout for RADIUS server reply:
LOCAL> CHANGE RADIUS TIMEOUT
seconds
•
This command defines how much time elapses before using an alternate server:
LOCAL> CHANGE RADIUS INTERVAL
seconds
Setting the INTERVAL variable defines the time period (in seconds) that the
system is to wait before repeating an authentication request to an alternate
authentication server.
•
This command causes the realm name to be included as part of a user name sent
to the RADIUS server:
Local> CHANGE RADIUS REALM JONAS.COM
INCLUDE
Realm name inclusion is used for RADIUS proxy authentication service.
Reference
See the
Network Access Server Command Reference
for more information on these
commands.
Example: Including the Realm Name
If your realm name has to be included when the access server sends messages to the
RADIUS server, issue the command shown in the following example:
LOCAL> CHANGE RADIUS REALM JONAS.COM INCLUDE
For most usage, you will not want to include the realm name. If you do, each entry in
the RADIUS server’s users file will have to appear as “
user-name
@
realm-name
”
instead of simply “
user-name
”.
If a user has to be called back, this value is derived from User-Service-Type when
specified. If it is not specified, then realm defaults/port defaults can apply: