RADIUS-Snooping Configuration Example

This RADIUS-Snooping configuration example configures a distribution-tier switch for two RADIUS request and response flows (index 1 and index 2). Index 1 runs from RADIUS client 10.10.10.10 through the network core to the RADIUS server 50.50.50.50. Index 2 runs from RADIUS client 10.10.10.20 through a layer 2 switch to the local RADIUS server 50.50.50.60. Both flows transit the single distribution-tier switch configured in this example.

See RADIUS-Snooping Configuration Example Overview for an illustration of the example setup.

[Figure: RADIUS-Snooping Configuration Example Overview]

We first enable RADIUS-Snooping at the system level for the distribution-tier switch. We then enable two sets of ports (ge.1.5-10 and ge.1.15-24) over which all RADIUS-Snooping request and response frames will transit. In the same command line we:

  • Enable drop on all ports (S-, K-Series)
  • Set the maximum number of RS sessions per port to 256

We then configure the two flows as specified above for UDP port 1812 and a secret of “mysecret”.

We complete the configuration by changing the timeout value at the system level to 15 seconds from a default of 20 seconds.
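The following Python sketch is an added illustration, not the switch's own code or CLI. It models the two flow entries described above and shows why each flow carries a secret. It assumes the secret is used as RFC 2865 defines it, to validate the Response Authenticator; the function names and the sample packets are constructed for this example.

```python
import hashlib
import hmac
import struct

# Flow table from the example: index -> (client, server, UDP port, secret)
FLOWS = {
    1: ("10.10.10.10", "50.50.50.50", 1812, b"mysecret"),
    2: ("10.10.10.20", "50.50.50.60", 1812, b"mysecret"),
}

def match_flow(src, dst, sport, dport):
    """Return (index, direction) for a UDP datagram, or None if no flow matches."""
    for index, (client, server, port, _secret) in FLOWS.items():
        if (src, dst, dport) == (client, server, port):
            return index, "request"
        if (src, dst, sport) == (server, client, port):
            return index, "response"
    return None

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(index, packet, request_auth):
    """True if the response's authenticator checks out under the flow's secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return False
    secret = FLOWS[index][3]
    expected = response_authenticator(code, ident, request_auth, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])

def build_response(code, ident, request_auth, attrs, secret):
    """Construct a response packet (used here only to make sample input)."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

# Constructed sample: Access-Accept (code 2) carrying a Filter-Id attribute (type 11).
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([11, 7]) + b"admin"
GOOD = build_response(2, 1, REQUEST_AUTH, ATTRS, b"mysecret")
FORGED = build_response(2, 1, REQUEST_AUTH, ATTRS, b"wrongsecret")

if __name__ == "__main__":
    print(match_flow("50.50.50.50", "10.10.10.10", 1812, 40000))
    print(verify_response(1, GOOD, REQUEST_AUTH), verify_response(1, FORGED, REQUEST_AUTH))
```

A response that matches a flow by address and port but was built with a different secret fails verification, which is the case a mismatched flow secret would produce.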