Preface
- Text Conventions
- Platform-Dependent Conventions
- Providing Feedback to Us
- Getting Help
- Documentation and Training
About this Guide
- Notational Conventions
Introduction
- WiNG 7.1.X Operating System Overview
- CLI Overview
User Exec Mode Commands
- user-exec-commands
  - captive-portal-page-upload
  - change-password
  - clear
  - clock
  - cluster
  - commit
  - connect
  - crypto
  - create-cluster
  - crypto-cmp-cert-update
  - database
  - database-backup
  - database-restore
  - device-upgrade
  - enable
  - file-sync
  - help
  - join-cluster
  - l2tpv3
  - logging
  - mint
  - no
  - on
  - opendns
  - page
  - ping
  - ping6
  - ssh
  - telnet
  - terminal
  - time-it
  - traceroute
  - traceroute6
  - virtual-machine
  - watch
  - exit
Privileged Exec Mode Commands
- privileged-exec-commands
  - archive
  - boot
  - cd
  - configure
  - copy
  - cpe
  - delete
  - diff
  - dir
  - disable
  - edit
  - erase
  - ex3500
  - factory-reset
  - halt
  - mkdir
  - more
  - operational-mode
  - pwd
  - re-elect
  - reload
  - rename
  - rmdir
  - self
  - t5
  - upgrade
  - upgrade-abort
  - raid
  - no
Global Configuration Commands
- global-config-commands
Common Commands
- common-commands
  - clrscr
  - commit
  - exit
  - help
  - no
  - revert
  - service
  - show
  - write
Show Commands
- show-commands
  - show
  - adoption
  - bluetooth
  - boot
  - bonjour
  - captive-portal
  - captive-portal-page-upload (show commands)
  - cdp
  - classify-url
  - clock
  - cluster
  - cmp-factory-certs
  - commands
  - context
  - critical-resources
  - crypto
  - database
  - device-upgrade
  - dot1x
  - dpi
  - environmental-sensor
  - event-history
  - event-system-policy
  - ex3500
  - extdev
  - fabric-attach
  - file
  - file-sync
  - firewall
  - global
  - gps (show command)
  - gre
  - guest-registration
  - interface
  - iot-device-type-imagotag
  - ip
  - ip-access-list-stats
  - ipv6
  - ipv6-access-list
  - l2tpv3
  - lacp
  - ldap-agent
  - licenses
  - lldp
  - logging
  - mac-access-list-stats
  - mac-address-table
  - macauth
  - mac-auth-clients
  - mint
  - ntp
  - password-encryption
  - pppoe-client
  - privilege
  - radius
  - reload
  - rf-domain-manager
  - role
  - route-maps
  - rtls
  - running-config
  - session-changes
  - session-config
  - sessions
  - site-config-diff
  - smart-rf
  - snmpv3 (show command)
  - spanning-tree
  - startup-config
  - t5
  - terminal
  - timezone
  - traffic-shape
  - tron (show command)
  - upgrade-status
  - version
  - vrrp
  - virtual-machine
  - wireless
  - web-filter
  - what
  - wwan
Profiles
- Profile Config Commands
- Device Config Commands
  - adoption-site
  - area
  - channel-list
  - contact
  - country-code
  - floor
  - geo-coordinates
  - hostname
  - lacp
  - layout-coordinates
  - license
  - location
  - location-server
  - location-tenantid
  - mac-name
  - no
  - nsight
  - override-wlan
  - remove-override
  - rsa-key
  - sensor-server
  - timezone
  - trustpoint (device-config-mode)
  - raid
AAA Policy
- aaa-policy-commands
Auto-Provisioning Policy
- auto-provisioning-policy-commands
  - adopt
  - auto-create-rfd-template
  - default-adoption
  - deny
  - evaluate-always
  - redirect
  - upgrade
  - no
    - upgrade
Association-ACL Policy
- Association-acl-policy-commands
  - deny
  - permit
  - no
Access-List Policy
- ip-access-list
- mac-access-list
- ipv6-access-list
- ip-snmp-access-list
- ex3500-ext-access-list
- ex3500-std-access-list
DHCP-Server Policy
- dhcp-server-policy commands
- dhcpv6-server-policy commands
Firewall Policy
- firewall-policy-commands
  - acl-logging
  - alg
  - clamp
  - dhcp-offer-convert
  - dns-snoop
  - firewall
  - flow
  - ip
  - ip-mac
  - ipv6
  - ipv6-mac
  - logging
  - proxy-arp
  - proxy-nd
  - stateful-packet-inspection-12
  - storm-control
  - virtual-defragmentation
  - no
MiNT Policy
- mint-policy-commands
  - level
  - lsp
  - mtu
  - router
  - udp
  - no
Management Policy
- management-policy-commands
RADIUS Policy
- radius-group
  - guest
  - policy
  - rate-limit
  - no
- radius-server-policy
  - authentication
  - bypass
  - chase-referral
  - crl-check
  - ldap-agent
  - ldap-group-verification
  - ldap-server
  - local
  - nas
  - proxy
  - session-resumption
  - termination
  - use
  - no
- radius-user-pool-policy
  - duration
  - user
  - no
Radio-QoS Policy
- radio-qos-policy-commands
Role Policy
- role-policy-commands
SMART-RF Policy
- smart-rf-policy commands
WIPS Policy
- wips-policy-commands
WLAN-QoS Policy
- WLAN-QOS-Policy commands
L2TPv3 Policy
- l2tpv3-policy-commands
- l2tpv3-tunnel-commands
- l2tpv3-manual-session-commands
Router Mode
- router-mode-commands
Routing Policy
- routing-policy-commands
AAA-TACACS Policy
- aaa-tacacs-policy-commands
Meshpoint Policy
- meshpoint-config-instance
- meshpoint-qos-policy-config-instance
- meshpoint-device-config-instance
Passpoint Policy
- passpoint-policy
Crypto-CMP Policy
- crypto-cmp-policy-instance
- other-cmp-related-commands
  - use (other-cmp-related-commands)
  - show (other-cmp-related-commands)
Roaming Assist Policy
- roaming-assist-policy commands
Border Gateway Protocol
- bgp ip-prefix-list
- bgp ip-access-list
- bgp as-path-list
- bgp community-list
- bop ext-community-list
- bgp route-map
- bgp router-config
- bgp neighbor-config
Controller Managed WLAN Use Case
- CREATING A FIRST CONTROLLER MANAGED WLAN
AP Dual Modes of Operation
- Understanding Dual Mode Capability
AP5XX REV AA Upgrade Procedure
- Introduction
- Bulk 'Rev: AA' AP505/AP510 Upgrade through Virtual Controller
- Bulk 'Rev:AA' AP5XX Upgrade through WiNG Controller/ExtremeCloud Appliance

proxy

Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA requests for processing.

A user‘s access request is sent to a proxy RADIUS server if it cannot be authenticated by the local RADIUS resources. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.

The RADIUS proxy appears to act as a RADIUS server to NAS, whereas the proxy appears to act as a RADIUS client to the RADIUS server.

When the proxy server receives a request for a user name with a realm, the server references a table of realms. If the realm is known, the server proxies the request to the RADIUS server.

Supported in the following platforms:

Access Points — AP505i, AP510i/e, AP560i/h
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

proxy [realm|retry-count|retry-delay]

proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

proxy retry-count <3-6>

proxy retry-delay <5-10>

Parameters

proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

proxy realm <REALM-NAME>	Configures the realm name <REALM-NAME> – Specify the realm name. The name should not exceed 50 characters.
server <IP>	Configures the proxy server‘s IP address. This is the address of server checking the information in the user access request and either accepting or rejecting the request on behalf of the local RADIUS server. <IP> – Sets the proxy server‘s IP address
port <1024-65535>	Configures the proxy server‘s port. This is the TCP/IP port number for the server that acts as a data source for the proxy server. <1024-65535> – Sets the proxy server‘s port from 1024 - 65535 (default port is 1812)
secret [0 <PASSWORD>\| 2 <ENCRYPTED- PASSWORD> \|<PASSWORD>	Sets the proxy server secret string. The options are: 0 <PASSWORD> – Sets an UNENCRYPTED password 2 <ENCRYPTED-PASSWORD> – Sets an ENCRYPTED password <PASSWORD> – Sets the proxy server shared secret value

proxy retry-count <3-6>

retry-count <3-6>

Sets the proxy server‘s retry count. This is the maximum number of attempts made by a controllers RDIUS server to connect to the proxy server.

<3-6> – Sets a value from 3 - 6 (default is 3 counts)

proxy retry-delay <5-10>

retry-delay <5-10>

Sets the proxy server‘s retry delay count. This is the interval the controller‘s RADIUS server waits before making an additional connection attempt.

<5-10> – Sets a value from 5 - 10 seconds (default is 5 seconds)

Usage Guidelines

A maximum of five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count defines the number of times RADIUS requests are transmitted before giving up. The timeout value is the defines the interval between successive retransmission of a RADIUS request (in case of no reply).

Examples

nx9500-6C8809(config-radius-server-policy-test)#proxy realm test1 server 172.16.10.7 port 1025 secret 0 test1123

nx9500-6C8809(config-radius-server-policy-test)#proxy retry-count 4

nx9500-6C8809(config-radius-server-policy-test)#proxy retry-delay 8

nx9500-6C8809(config-radius-server-policy-test)#show context
radius-server-policy test
 proxy retry-delay 8
 proxy retry-count 4
 proxy realm test1 server 172.16.10.7 port 1025 secret 0 test1123
 ldap-server primary host 172.16.10.19 port 162 login "test" bind-dn "bind-dn1" base-dn "bas-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2
nx9500-6C8809(config-radius-server-policy-test)#

Related Commands

no	Removes or resets the RADIUS proxy server‘s settings

Published July 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback