Enable the Source IP Flag for the RADIUS Server

Note

Note

This procedure only applies to VSP 8600 Series.

Before you begin

  • To configure the CLIP as the source IP address, you must enable the global RADIUS sourceip-flag. You can then configure the source-ip address parameter while defining the RADIUS server on the switch. The source IP address must be a CLIP address, and that you can configure a different CLIP address for each RADIUS server.

Important

Important

Use the source IP option only for the RADIUS servers connected to the in-band network.

About this task

By default, the switch uses the IP address of the outgoing interface as the source IP, and the NAS IP address for RADIUS packets that it transmits. Enable the source IP so the switch uses a configured source IP address instead. Therefore, if the outgoing interface on the switch fails, a different source IP address is used—requiring that you make configuration changes to define the new RADIUS Client on the RADIUS server.

RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration in CLI.

To simplify RADIUS Server configuration, you can configure the switch to use a Circuitless IP Address (CLIP) as the source IP and NAS IP address when transmitting RADIUS packets. A CLIP is not associated with a physical interface and is always in an active and operational state. You can configure the switch with multiple CLIP interfaces.

The default for radius sourceip-flag is false.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable the RADIUS packet source IP flag:

    radius sourceip-flag