.
- Peer Discovery (RFC 7585) Enabled
- Select
this option to enable peer discovery.
Peer Discovery uses the Network
Access Identifier (NAI) in the UserName attribute of the RADIUS
packet to dynamically discover the RADIUS server using DNS.
It
is supported for Secure(TLS) servers only; therefore, Peer Discovery
defaults to the Type
value = Secure. Both the server IP address and port values are
dynamically discovered. The port is usually TCP 2083.
- Type
- Select between Standard
(UDP) or Secure (RADSEC) protocol.
RADSEC supports RADIUS
transactions conducted securely over TCP and TLS (RFC 6614). RADSEC
is not supported with Local Onboarding, and it is not available with
ADMIN access.
- Server Address
- The
RADIUS server address. This value cannot be changed.
- Port
-
- A User Datagram Protocol (UDP) port number used for client
authentication. UDP needs only one port for full-duplex, bidirectional traffic. Select a
UDP port number for standard protocol security.
- For a secure
RADSEC protocol, use port 2083 This is the default port.
- Trust Point
- Refers to the certificate
file required for the secure RADSEC protocol. When a secure RADSEC
protocol is configured, the certificate file of the Access Network
Provider (ANP) and its private key must be specified, and the CA must
also be specified to authenticate the peer's certificate. Select from
the list of configured Trust Points. For information about configuring
Trust Points, see Trust
Points.
- Retries
- Determines the number of times ExtremeCloud IQ
Controller will
attempt to authenticate an end user.
For Local
Onboarding, use the Retries and Timeout values with the RADIUS Server
Health Check parameters to detect RADIUS servers
that are not responding and fail over to a second server if
necessary. When Local Onboarding bypassed is enabled, all RADIUS
requests are sent to one RADIUS server until it fails; then, the
next RADIUS server is used.
- Timeout
- Determines a timeout value, in seconds, for the RADIUS server
connection.
- Status Server Request Timeout
- Status Requests are sent
by the RADIUS client to query the status of the RADIUS server. The
Status Request Timeout is the period between two successive status
requests . Status requests are only sent when the RADIUS server has
stopped responding to the Access Request with an Access Response.
- Shared Secret
- The password that is used to
validate the connection between the client and the RADIUS server.
For RADSEC,
radsec is the default password.
- Mask
- Determines if the Shared Secret or password value is displayed on the user
interface. Enable Mask to display dots in place of the Shared Secret or password value. To
display the password characters, clear the Mask check box.