CHAPTER16 Services
Mediant 800 Gateway & E-SBC | User's Manual
For each RADIUS server, the IP address, port, and shared secret can be configured. Each
RADIUS server can be defined for RADIUS-based login authentication and/or RADIUS-based
accounting. By setting the relevant port (authentication or accounting) to "0" disables the
corresponding functionality. If both ports are configured, the RADIUS server is used for
authentication and accounting. All servers configured with non-zero Authorization ports form an
Authorization redundancy group and the device sends authorization requests to one of them,
depending on their availability. All servers configured with non-zero Accounting ports form an
Accounting redundancy group and the device sends accounting CDRs to one of them, depending
on their availability. Below are example configurations:
■ Only one RADIUS server is configured and used for authorization and accounting purposes (no
redundancy). Therefore, both the Authorization and Accounting ports are defined.
■ Three RADIUS servers are configured:
● Two servers are used for authorization purposes only, providing redundancy. Therefore,
only the Authorization ports are defined, while the Accounting ports are set to 0.
● One server is used for accounting purposes only (i.e., no redundancy). Therefore, only the
Accounting port is defined, while the Authorization port is set to 0.
■ Two RADIUS servers are configured and used for authorization and accounting purposes,
providing redundancy. Therefore, both the Authorization and Accounting ports are defined.
The status of the RADIUS severs can be viewed through CLI:
# show system radius servers status
The example below shows the status of two RADIUS servers in redundancy mode for authorization
and accounting:
servers 0
ip-address 10.4.4.203
auth-port 1812
auth-ha-state "ACTIVE"
acc-port 1813
acc-ha-state "ACTIVE"
servers 1
ip-address 10.4.4.202
auth-port 1812
auth-ha-state "STANDBY"
acc-port 1813
acc-ha-state "STANDBY"
Where auth-ha-state and acc-ha-state display the authentication and accounting redundancy status
respectively. "ACTIVE" means that the server was used for the last sent authentication or
accounting request; "STANDBY" means that the server was not used in the last sent request.
● To enable and configure RADIUS-based accounting, see Configuring RADIUS
Accounting.
● The device can send up to 201 concurrent RADIUS requests per RADIUS service
type (Accounting or Authentication), per RADIUS server (up to three servers per
service type), and per local port (up to 1 local port).
The following procedure describes how to configure a RADIUS server through the Web interface.
You can also configure it through ini file [RadiusServers] or CLI (configure system > radius
servers).
- 217 -
To Next Page
Loading...
Need help?
General
