Configuring a RADIUS Proxy

A user's access request is sent to a proxy server if it cannot be authenticated by a controller, service platform or access point's local RADIUS resources. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.

The RADIUS proxy appears to act as a RADIUS server to the NAS, whereas the proxy appears to act as a RADIUS client to the RADIUS server.

When the RADIUS server receives a request for a user name containing a realm, the server references a table of configured realms. If the realm is known, the server proxies the request to the RADIUS server. The behavior of the proxying server is configuration-dependent on most servers. In addition, the proxying server can be configured to add, remove or rewrite requests when they are proxied.

To define a proxy configuration:

  1. Select the Proxy tab from the RADIUS Server Policy screen.
  2. Enter the Proxy server retry delay time in the Proxy Retry Delay field. Enter a value from 5 -10 seconds. This is the interval the RADIUS server waits before making an additional connection attempt. The default delay interval is 5 seconds.
  3. Enter the Proxy server retry count value in the Proxy Retry Count field. Set the number of retries (from 3 - 6) sent to proxy server before giving up the request. The default retry count is 3 attempts.
  4. Select the + Add Row button to add a RADIUS server proxy realm name and network address. To delete a proxy server entry, select the Delete icon on the right-hand side of the table entry.
  5. Enter the realm name in the Realm Name field. The realm name cannot exceed 50 characters. When the RADIUS server receives a request for a user name with a realm, the server references a table of realms. If the realm is known, the server proxies the request to the RADIUS server.
  6. Enter the Proxy server IP address in the IP Address field. This is the address of server checking the information in the user access request and either accepting or rejecting the request on behalf of the local RADIUS server.
  7. In the Port Number field, enter the TCP/IP port number for the server used as a data source for the proxy server. Use the spinner to select a value from 1024 and 65535. The default port is 1812.
  8. Enter the RADIUS client shared secret password in the Shared Secret field. This password is for authenticating the RADIUS proxy.

    Select the Show checkbox to expose the shared secret's actual character string, leaving the option unselected displays the shared secret as a string of asterisks (*).

  9. Click OK to save the changes. Click Reset to revert to the last saved configuration.