Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA requests for processing.
A user's access request is sent to a proxy RADIUS server if it cannot be authenticated by the local RADIUS resources. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.
The RADIUS proxy appears to act as a RADIUS server to the NAS, whereas the proxy appears to act as a RADIUS client to the RADIUS server.
When the proxy server receives a request for a user name with a realm, the server references a table of realms. If the realm is known, the server proxies the request to the RADIUS server.
proxy [realm|retry-count|retry-delay]
proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]
proxy retry-count <3-6>
proxy retry-delay <5-10>
proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]
proxy realm <REALM-NAME> | Configures the realm name |
server <IP> | Configures the proxy server's IP address. This is the address of the server that checks the information in the user access request and either accepts or rejects the request on behalf of the local RADIUS server. |
port <1024-65535> | Configures the proxy server's port. This is the TCP/IP port number for the server that acts as a data source for the proxy server. |
secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>] | Sets the proxy server secret string. The options are: |
proxy retry-count <3-6>
retry-count <3-6> | Sets the proxy server's retry count. This is the maximum number of attempts made by the controller's RADIUS server to connect to the proxy server. |
proxy retry-delay <5-10>
retry-delay <5-10> | Sets the proxy server's retry delay. This is the interval the controller's RADIUS server waits before making an additional connection attempt. |
A maximum of five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count defines the number of times RADIUS requests are transmitted before giving up. The timeout value defines the interval between successive retransmissions of a RADIUS request (in case of no reply).
nx9500-6C8809(config-radius-server-policy-test)#proxy realm test1 server 172.16.10.7 port 1025 secret 0 test1123
nx9500-6C8809(config-radius-server-policy-test)#proxy retry-count 4
nx9500-6C8809(config-radius-server-policy-test)#proxy retry-delay 8
nx9500-6C8809(config-radius-server-policy-test)#show context
radius-server-policy test
 proxy retry-delay 8
 proxy retry-count 4
 proxy realm test1 server 172.16.10.7 port 1025 secret 0 test1123
 ldap-server primary host 172.16.10.19 port 162 login "test" bind-dn "bind-dn1" base-dn "bas-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2
nx9500-6C8809(config-radius-server-policy-test)#
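An added example, not part of the original reference or the vendor's tooling: a Python audit of the `proxy` lines in `show context` output against the ranges and five-server limit stated above, together with the realm-table lookup described earlier. It assumes a secret without type `2` is readable in the saved configuration, that each realm line counts as one proxy server, and that the realm is the suffix after `@`; the function names are hypothetical.

```python
import re

# Constructed sample: the proxy lines from the show context example above.
SAMPLE = """\
radius-server-policy test
 proxy retry-delay 8
 proxy retry-count 4
 proxy realm test1 server 172.16.10.7 port 1025 secret 0 test1123
"""

REALM_RE = re.compile(
    r"^\s*proxy realm (\S+) server (\S+) port (\d+) secret (?:([02]) )?(\S+)\s*$")
RETRY_RE = re.compile(r"^\s*proxy retry-(count|delay) (\d+)\s*$")
LIMITS = {"count": (3, 6), "delay": (5, 10)}  # ranges from the command syntax
MAX_PROXIES = 5  # documented maximum; assumes one proxy server per realm line


def audit_proxy_config(text):
    """Return (realm_table, findings) for the proxy lines of one policy."""
    realms, findings = {}, []
    for line in text.splitlines():
        if m := REALM_RE.match(line):
            realm, server, port, stype, _secret = m.groups()
            realms[realm] = (server, int(port))
            if not 1024 <= int(port) <= 65535:
                findings.append(f"realm {realm}: port {port} outside 1024-65535")
            if stype != "2":
                # Type 0 or no type: the <PASSWORD> form (assumed clear text).
                findings.append(
                    f"realm {realm}: secret not stored in encrypted form (type 2)")
        elif m := RETRY_RE.match(line):
            lo, hi = LIMITS[m.group(1)]
            if not lo <= int(m.group(2)) <= hi:
                findings.append(f"retry-{m.group(1)} {m.group(2)} outside {lo}-{hi}")
    if len(realms) > MAX_PROXIES:
        findings.append(f"{len(realms)} proxy realms configured, maximum is {MAX_PROXIES}")
    return realms, findings


def lookup(realms, username):
    """Pick the proxy target for user@realm; None means no known realm."""
    _, sep, realm = username.rpartition("@")
    return realms.get(realm) if sep else None


if __name__ == "__main__":
    table, issues = audit_proxy_config(SAMPLE)
    print(table, issues, lookup(table, "alice@test1"), sep="\n")
```
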
no | Removes or resets the RADIUS proxy server's settings |