___________________________________________________________________________________________________________________________
8
2.1 Part 1: Basic AAA Configuation
2.1.1 ERS8600 Configuration
Assuming we are using the out-of-band management port.
2.1.1.1 Add out-of-band IP address
ERS8600-1 Step 1 – Add out-of-band IP address and route
2.1.1.2 Enable RADIUS
ERS8600-1 Step 1 – Add RADIUS server, enable RADIUS, and enable RADIUS accounting
When configuring the RADIUS server on the ERS8600, you can configure the switch
with a RADIUS source-IP address which in turn will be the IP address used for RADIUS
requests. The RADIUS source-IP address must be a circuit-less IP address (CLIP) or
otherwise known as a loopback address. If you do not enable a RADIUS source-IP
address, by default, the ERS8600 uses the IP address of the outgoing interface as the
source IP address for RADIUS. Unfortunately, although you can create and enable a
RADIUS source-IP when using the out-of-band management port, this feature is not
supported on the out-of-band management port. Hence, if you have two CP cards, you
will have to configure two RADIUS Authenticators on the RADIUS server.