ACCESS GATEWAY
System Administration 133
1.
To enable the accounting service for your RADIUS functionality, click on the check box for Enable
RADIUS Accounting Service.
2.
Enter the primary RADIUS accounting server IP address in the Primary IP field.
3.
Enter the accounting port in the Port field for the primary RADIUS accounting server. This is the port the
system uses when communicating accounting records.
4.
Enter a secret key in the Secret Key field for the primary RADIUS accounting server.
5.
Repeat Steps 1 through 4 for the secondary RADIUS accounting server (if used).
Retransmission Options
This category requires you to define the data retransmission method (failover or round-robin), the
retransmission frequency, and how many retransmissions the system should attempt.
1.
Select the Retransmission Method (Failover or Round Robin).
2.
Enter a value for the time (in seconds) in the Retransmission Frequency field. This value determines
how much time elapses between transmission attempts.
3.
Enter a numeric value in the Retransmission Attempts (per server) field to define how many times the
system attempts to transmit the data.
4.
Click on the Add button to add this RADIUS Service Profile.
5.
When you have completed the definition of your RADIUS Service Profile, you can return to the previous
screen (Realm-Based Routing Settings) by clicking on the Back to Main Realm-Based Routing
Settings page link.
The RADIUS Service Profile you just created is added to the list.
Define Realm Routing Policies
Realm routing policies are used to determine how supplied username/password input is used to authenticate
users. Create a realm routing policy for each realm that will be handled. The realm routing policy will reference
either a RADIUS service profile or a tunnel profile. Many different realm routing policies can reference the
same RADIUS service or tunnel profile.
This policy references a RADIUS service profile so a realm match will result in an access request being sent
to the RADIUS server(s) specified in the RADIUS service profile. In this case, the RADIUS service profile
“RadiusPrefix” is referenced and so the RADIUS server(s) defined therein will receive RADIUS access
requests.
Notice that the checkbox is unchecked for “Strip off routing information when sending to RADIUS server”.
This box must always be unchecked in order to pass realm information to the RADIUS server(s) for matching
of realm information to its defined tunnel profiles, which contain the needed tunnel parameters.
The checkbox “Strip off routing information when sending to tunnel server” may or may not be checked
depending on the configuration of the tunnel server and how it will be authenticating subscribers. In this
example, it is checked and so realm information will be stripped leaving only the simple username and
password to be passed to the tunnel server.
The tunnel server in this case is configured to authenticate users via another RADIUS server that handles a
single realm. Since it handles a single realm, no realm information is needed for users and so must be stripped.
In this case, it is stripped by the NSE, but it could easily have been stripped by the tunnel server, or by the
tunnel server’s RADIUS server. This is by design and for maximum flexibility.
Also note that the “Local hostname” field is blank which means that the NSE’s default local hostname of
“usg_lac” will be used by the NSE. This allows for setting the local hostname to any desired value other than
the default.
To Next Page
