Configure the Source IP Option for the RADIUS Server
Note
This procedure only applies to VSP 8600 Series.
Before you begin
- To configure the CLIP as the source IP address, you must configure the global RADIUS sourceip-flag parameter as true. You can configure the source-ip address parameter while you define the RADIUS Server on the switch. The source IP address must be a CLIP address, and you can configure a different CLIP address for each RADIUS server. For more information about configuring the source IP address, see Add a RADIUS Server.
Important
Use the source IP option only for the RADIUS servers connected to the in-band network.
About this task
By default, the switch uses the IP address of the outgoing interface as the source IP and NAS IP address for RADIUS packets that it transmits. When you configure the RADIUS server, you use this IP address to define the RADIUS clients that communicate with it. Therefore, if the outgoing interface on the switch fails, the switch uses a different source IP address, and you must change the configuration on the RADIUS server to define the new RADIUS client.
To simplify RADIUS Server configuration, you can configure the switch to use a Circuitless IP Address (CLIP) as the source IP and NAS IP address when transmitting RADIUS packets. A CLIP is not associated with a physical interface and is always in an active and operational state. You can configure the switch with multiple CLIP interfaces.
RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration in all but the following case. When adding a RADIUS server in Enterprise Device Manager (EDM) or modifying a RADIUS configuration in EDM, you must specify if the address type is an IPv4 or an IPv6 address.
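The following Python sketch is an added example, not part of the original procedure or of the switch software. It models why a stable source address matters: a RADIUS server selects the shared secret by the packet's source IP (RFC 2865), so a request from an address that is not a defined client is discarded. The addresses, the secret, the function names, and the "first interface that is up" selection rule are constructed assumptions.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed sample data: documentation-range addresses and a placeholder secret.
SECRET = b"example-secret"
SERVER_CLIENTS = {"192.0.2.1": SECRET,      # client defined by outgoing-interface IP
                  "203.0.113.10": SECRET}   # client defined by CLIP
ACCESS_REQUEST, USER_NAME, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 1, 4, 80

def build_request(src_ip, secret, user="admin"):
    """Minimal Access-Request: User-Name, NAS-IP-Address, Message-Authenticator.
    User-Password is omitted; the packet only exercises client matching."""
    name = user.encode()
    attrs = bytes([USER_NAME, 2 + len(name)]) + name
    attrs += bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(src_ip).packed
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed placeholder
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def server_check(src_ip, packet):
    """Select the shared secret by packet source IP, then verify the HMAC-MD5."""
    secret = SERVER_CLIENTS.get(src_ip)
    if secret is None:
        return "dropped: unknown client"
    zeroed = packet[:-16] + bytes(16)   # Message-Authenticator is the last attribute here
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    ok = hmac.compare_digest(packet[-16:], expected)
    return "accepted" if ok else "dropped: bad Message-Authenticator"

def switch_source_ip(interfaces, clip=None):
    """Assumed model: the CLIP if one is configured, else the first interface that is up."""
    if clip:
        return clip
    return next(ip for ip, up in interfaces.items() if up)

def failover(clip=None):
    """Return the server's verdict before and after the primary interface fails."""
    interfaces = {"192.0.2.1": True, "198.51.100.1": True}   # outgoing interfaces
    results = []
    for primary_up in (True, False):
        interfaces["192.0.2.1"] = primary_up
        src = switch_source_ip(interfaces, clip)
        results.append(server_check(src, build_request(src, SECRET)))
    return tuple(results)

if __name__ == "__main__":
    print("interface source:", failover())
    print("CLIP source:     ", failover("203.0.113.10"))
```

Without a CLIP, the second request arrives from 198.51.100.1, which the server has no client entry for; with the CLIP, both requests arrive from the same address.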
Procedure
- In the navigation pane, expand .
- Select RADIUS.
- In the RADIUS Global tab, select SourceIpFlag.
- Select Apply.
RADIUS Global Field Descriptions
Use the data in the following table to use the RADIUS Global tab.
| Name | Description |
|---|---|
| Enable | Enables the RADIUS authentication feature globally. |
| MaxNumberServer | Specifies the maximum number of servers to be used, between 1 and 10, inclusive. |
| AccessPriorityAttrValue | Specific to RADIUS authentication. Specifies the vendor-specific attribute value of the access-priority attribute to match the type value set in the dictionary file on the RADIUS server. The valid values are 192 through 240. The default is 192. |
| AcctEnable | Enables RADIUS accounting. |
| AcctAttriValue | Specific to RADIUS accounting. Specifies the vendor-specific attribute value of the CLI-command attribute to match the type value set in the dictionary file on the RADIUS server. This value must be different from the access-priority attribute value configured for authentication. The valid values are 192 through 240. The default value is 193. |
| AcctIncludeCli | Specifies whether you want CLI commands included in RADIUS accounting requests. |
| ClearStat | Clears RADIUS statistics from the device. |
| McastAttributeValue | Specifies the value of the Mcast attribute. The valid values are 0 through 255. The default value is 90. |
| AuthInfoAttrValue | Specifies the value of the authentication information attribute. The valid values are 0 through 255. The default value is 91. |
| CommandAccessAttrValue | Specifies the value of the command access attribute. The valid values are 192 through 240. The default value is 194. |
| CliCommandAttrValue | Specifies the value of the CLI command attribute. The valid values are 192 through 240. The default value is 195. |
| AuthInvalidServerAddress | Displays the number of access responses from unknown or invalid RADIUS servers. |
| SourceIpFlag (Note: Exception: only supported on VSP 8600 Series.) | Includes a configured IP address as the source address in RADIUS packets. The default is false. RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration. |
| CliCmdCount | Gives the value for the CLI command count. Specify an integer from 1 to 40. The default is 40. |
| CliProfEnable | Enables RADIUS CLI profiling. |
| SupportedVendorIds | Shows the vendor IDs that the software supports for RADIUS. |
| RadiusReachability | Specifies the mode for RADIUS reachability. Status-server mode provides a standard-compliant method for RADIUS reachability. Use-radius mode requires the configuration of dummy packets that are sent to RADIUS servers. The default is use-radius mode. |
| SecureEnable | Enables RADIUS Security (RADSec). |
| UserName | Specifies the username for RADIUS server reachability. The default is extremenetworks. |
| Password | Specifies the password for RADIUS server reachability. The default is extremenetworks. |
| Confirm Password | Confirms the password for RADIUS server reachability. |
| Unreachable Timer | Specifies, in seconds, the interval between checks when the RADIUS server is unreachable. The default is 60 seconds. |
| Keep Alive Timer | Specifies, in seconds, the interval between checks when the RADIUS server is reachable. The default is 180 seconds. |