Configure the Source IP Option for the RADIUS Server

Note

This procedure only applies to VSP 8600 Series.

Before you begin

  • To configure the CLIP as the source IP address, you must configure the global RADIUS sourceip-flag parameter as true. You can configure the source-ip address parameter while you define the RADIUS Server on the switch. The source IP address must be a CLIP address, and you can configure a different CLIP address for each RADIUS server. For more information about configuring the source IP address, see Add a RADIUS Server.

Important

Use the source IP option only for the RADIUS servers connected to the in-band network.

About this task

By default, the switch uses the IP address of the outgoing interface as the source IP and NAS IP address for RADIUS packets that it transmits. When you configure the RADIUS server, this IP address is used when defining the RADIUS Clients that communicate with it. Therefore, if the outgoing interface on the switch fails, a different source IP address is used—requiring that you make configuration changes to define the new RADIUS client on the RADIUS server.

To simplify RADIUS Server configuration, you can configure the switch to use a Circuitless IP Address (CLIP) as the source IP and NAS IP address when transmitting RADIUS packets. A CLIP is not associated with a physical interface and is always in an active and operational state. You can configure the switch with multiple CLIP interfaces.
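
The effect of the two source-address choices on the server side, as an added example that is not part of the original documentation: the Python sketch below builds minimal RADIUS Access-Request packets, parses the NAS-IP-Address (or NAS-IPv6-Address) attribute, and classifies each request the way a server that defines clients strictly by source IP would. The function names, the client table, and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4      # RFC 2865 attribute type, 4-byte IPv4 value
NAS_IPV6_ADDRESS = 95   # RFC 3162 attribute type, 16-byte IPv6 value

def build_access_request(identifier, user, nas_ip):
    """Build a minimal Access-Request (code 1) with a constructed all-zero authenticator."""
    addr = ipaddress.ip_address(nas_ip)
    nas_type = NAS_IP_ADDRESS if addr.version == 4 else NAS_IPV6_ADDRESS
    attrs = b""
    for a_type, value in ((1, user.encode()), (nas_type, addr.packed)):
        attrs += bytes([a_type, len(value) + 2]) + value  # length counts the 2 header bytes
    return struct.pack("!BBH16s", 1, identifier, 20 + len(attrs), bytes(16)) + attrs

def nas_address(packet):
    """Return the NAS-IP-Address / NAS-IPv6-Address in a RADIUS packet, or None."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + a_len]
        if (a_type, len(value)) in ((NAS_IP_ADDRESS, 4), (NAS_IPV6_ADDRESS, 16)):
            return str(ipaddress.ip_address(value))
        pos += a_len
    return None

def classify(clients, src_ip, packet):
    """Decide how a server that keys clients by source IP would treat the packet."""
    if src_ip not in clients:
        return "drop: unknown client"
    if nas_address(packet) != src_ip:
        return "flag: NAS address differs from source"
    return "accept"

def failover_outcomes(clients, before_src, after_src):
    """Classify one request sent before and one after the outgoing interface fails."""
    return [classify(clients, s, build_access_request(i, "admin", s))
            for i, s in enumerate((before_src, after_src))]

if __name__ == "__main__":  # constructed addresses: 192.0.2.x interfaces, 198.51.100.10 CLIP
    print(failover_outcomes({"192.0.2.1"}, "192.0.2.1", "192.0.2.5"))
    print(failover_outcomes({"198.51.100.10"}, "198.51.100.10", "198.51.100.10"))
```

With the default behavior the second request arrives from an address the server has no client entry for, while the CLIP-sourced requests match the same entry before and after the failure.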

RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration in all but the following case. When adding a RADIUS server in Enterprise Device Manager (EDM) or modifying a RADIUS configuration in EDM, you must specify if the address type is an IPv4 or an IPv6 address.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Select RADIUS.
  3. In the RADIUS Global tab, select SourceIpFlag.
  4. Select Apply.

RADIUS Global Field Descriptions

Use the data in the following table to use the RADIUS Global tab.

| Name | Description |
| --- | --- |
| Enable | Enables the RADIUS authentication feature globally. |
| MaxNumberServer | Specifies the maximum number of servers to be used, between 1 and 10, inclusive. |
| AccessPriorityAttrValue | Specific to RADIUS authentication. Specifies the vendor-specific attribute value of the access-priority attribute to match the type value set in the dictionary file on the RADIUS server. The valid values are 192 through 240. The default is 192. |
| AcctEnable | Enables RADIUS accounting. |
| AcctAttriValue | Specific to RADIUS accounting. Specifies the vendor-specific attribute value of the CLI-command attribute to match the type value set in the dictionary file on the RADIUS server. This value must be different from the access-priority attribute value configured for authentication. The valid values are 192 through 240. The default value is 193. |
| AcctIncludeCli | Specifies whether you want CLI commands included in RADIUS accounting requests. |
| ClearStat | Clears RADIUS statistics from the device. |
| McastAttributeValue | Specifies the value of the Mcast attribute. The valid values are 0 through 255. The default value is 90. |
| AuthInfoAttrValue | Specifies the value of the authentication information attribute. The valid values are 0 through 255. The default value is 91. |
| CommandAccessAttrValue | Specifies the value of the command access attribute. The valid values are 192 through 240. The default value is 194. |
| CliCommandAttrValue | Specifies the value of the CLI command attribute. The valid values are 192 through 240. The default value is 195. |
| AuthInvalidServerAddress | Displays the number of access responses from unknown or invalid RADIUS servers. |
| SourceIpFlag | Note: Exception: only supported on VSP 8600 Series. Includes a configured IP address as the source address in RADIUS packets. The default is false. RADIUS supports IPv4 and IPv6 addresses with no difference in functionality or configuration. |
| CliCmdCount | Gives the value for the CLI command count. Specify an integer from 1 to 40. The default is 40. |
| CliProfEnable | Enables RADIUS CLI profiling. |
| SupportedVendorIds | Shows the vendor IDs that the software supports for RADIUS. |
| RadiusReachability | Specifies the mode for RADIUS reachability. Status-server mode provides a standard-compliant method for RADIUS reachability. Use-radius mode requires the configuration of dummy packets that are sent to RADIUS servers. The default is use-radius mode. |
| SecureEnable | Enables RADIUS Security (RADSec). |
| UserName | Specifies the username for RADIUS server reachability. The default is extremenetworks. |
| Password | Specifies the password for RADIUS server reachability. The default is extremenetworks. |
| Confirm Password | Confirms the password for RADIUS server reachability. |
| Unreachable Timer | Specifies, in seconds, the interval between checks when the RADIUS server is unreachable. The default is 60 seconds. |
| Keep Alive Timer | Specifies, in seconds, the interval between checks when the RADIUS server is reachable. The default is 180 seconds. |