Working with RADIUS attributes
Controller attributes overview
Note: A maximum of 128 attributes can be active at any one time (including both the RADIUS and
the Configured attributes list).
The maximum attribute size that the controller can receive in a single RADIUS request is 4096
bytes. However, some networks may limit RADIUS request size to around 1500 bytes because
they discard UDP fragments.
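The following pre-deployment check is an added example, not part of the original guide or the controller software: it encodes a planned attribute set in the standard RADIUS type-length-value form and tests it against the limits in this note. It assumes the 4096-byte limit applies to the whole RADIUS packet and that "around 1500 bytes" means a 1500-byte MTU less IPv4 and UDP headers; the vendor ID 99999 and the attribute values are constructed placeholders.

```python
import struct

# Limits stated in the note above.
MAX_ACTIVE_ATTRIBUTES = 128
MAX_PACKET_BYTES = 4096      # assumption: counted over the whole RADIUS packet
# Assumption: 1500-byte MTU minus 20-byte IPv4 and 8-byte UDP headers.
UNFRAGMENTED_PAYLOAD = 1500 - 20 - 8

RADIUS_HEADER = 20           # code, identifier, length, authenticator (RFC 2865)
MAX_AVP_VALUE = 253          # 255-byte attribute minus type and length octets
VENDOR_SPECIFIC = 26


def encode_avp(attr_type, value):
    """Encode one standard attribute as type, length, value."""
    if len(value) > MAX_AVP_VALUE:
        raise ValueError(f"attribute {attr_type}: value exceeds {MAX_AVP_VALUE} bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encode_vsa(vendor_id, vendor_type, value):
    """Encode a Vendor-Specific attribute (type 26) holding one sub-attribute."""
    if len(value) > MAX_AVP_VALUE - 6:
        raise ValueError("vendor value exceeds 247 bytes")
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return encode_avp(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + sub)


def check_packet(avps, configured_count=0):
    """Return (packet_size, findings) for a packet carrying the encoded AVPs."""
    size = RADIUS_HEADER + sum(len(a) for a in avps)
    findings = []
    if len(avps) + configured_count > MAX_ACTIVE_ATTRIBUTES:
        findings.append("more than 128 active attributes")
    if size > MAX_PACKET_BYTES:
        findings.append("exceeds 4096 bytes")
    elif size > UNFRAGMENTED_PAYLOAD:
        findings.append("will be fragmented on a 1500-byte path")
    return size, findings


# Constructed sample: Session-Timeout (type 27) of 12 hours plus 40 vendor
# attributes under a placeholder vendor ID.
SAMPLE = [encode_avp(27, struct.pack("!I", 12 * 3600))]
SAMPLE += [encode_vsa(99999, 1, b"constructed-value-%03d" % i + b"x" * 30)
           for i in range(40)]

if __name__ == "__main__":
    print(check_packet(SAMPLE, configured_count=10))
```

A set that passes the 4096-byte check but triggers the fragmentation finding is the case to test on the real network path, since a device that drops UDP fragments makes the retrieval fail without an Access Reject.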
Configure the Retrieve attributes using RADIUS options as follows:
RADIUS profile: Select a RADIUS profile. The profile is used to establish the connection
to a RADIUS server. RADIUS profiles are defined by selecting Controller >>
Authentication > RADIUS profiles. For details, see Using a third-party RADIUS
server on page 11-5.
RADIUS username: Specify the username of the RADIUS account assigned to the
controller.
RADIUS password / Confirm password: Specify the password of the RADIUS account
assigned to the controller.
Accounting: Enable this option to have the controller generate a RADIUS accounting
request ON/OFF each time its authentication state changes.
Retrieved attributes override configured attributes: Enable this option to have
attributes retrieved from the RADIUS server overwrite settings defined in the
Configured attributes table.
Retrieval interval: Specify the number of minutes between attribute retrievals. The
controller retrieves attributes from its RADIUS account each time this interval expires.
To avoid potential service interruptions that may occur when new attributes are
activated by the controller, it is strongly recommended that you use a large interval (12
hours or more).
You can override the value configured on this page by using the RADIUS attribute
Session-timeout, which enables the following strategy: Configure Retrieval interval
to a small value (10 to 20 minutes) and set the RADIUS attribute Session-timeout to
override it with a large value (12 hours) when authentication is successful. Since the
Retrieval interval is also respected for Access Reject packets, this configuration results
in a short reauthentication interval in the case of failure, and a long one in the case of
success.
Last retrieved: Shows the amount of time that has passed since the controller last
retrieved attributes.
Retrieve Now: Select to force the controller to contact the RADIUS server and retrieve
attributes.