Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA requests for processing.

A user‘s access request is sent to a proxy RADIUS server if it cannot be authenticated by the local RADIUS resources. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.

The RADIUS proxy appears to act as a RADIUS server to NAS, whereas the proxy appears to act as a RADIUS client to the RADIUS server.

When the proxy server receives a request for a user name with a realm, the server references a table of realms. If the realm is known, the server proxies the request to the RADIUS server.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


proxy [realm|retry-count|retry-delay]
proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]
proxy retry-count <3-6>
proxy retry-delay <5-10>


proxy realm <REALM-NAME> server <IP> port <1024-65535> secret [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

proxy realm <REALM-NAME>

Configures the realm name

  • <REALM-NAME> – Specify the realm name. The name should not exceed 50 characters.

server <IP>

Configures the proxy server‘s IP address. This is the address of server checking the information in the user access request and either accepting or rejecting the request on behalf of the local RADIUS server.

  • <IP> – Sets the proxy server‘s IP address

port <1024-65535>

Configures the proxy server‘s port. This is the TCP/IP port number for the server that acts as a data source for the proxy server.

  • <1024-65535> – Sets the proxy server‘s port from 1024 - 65535 (default port is 1812)


Sets the proxy server secret string. The options are:

  • 0 <PASSWORD> – Sets an UNENCRYPTED password

  • 2 <ENCRYPTED-PASSWORD> – Sets an ENCRYPTED password

  • <PASSWORD> – Sets the proxy server shared secret value

proxy retry-count <3-6>

retry-count <3-6>

Sets the proxy server‘s retry count. This is the maximum number of attempts made by a controllers RDIUS server to connect to the proxy server.

  • <3-6> – Sets a value from 3 - 6 (default is 3 counts)

proxy retry-delay <5-10>

retry-delay <5-10>

Sets the proxy server‘s retry delay count. This is the interval the controller‘s RADIUS server waits before making an additional connection attempt.

  • <5-10> – Sets a value from 5 - 10 seconds (default is 5 seconds)

Usage Guidelines

A maximum of five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count defines the number of times RADIUS requests are transmitted before giving up. The timeout value is the defines the interval between successive retransmission of a RADIUS request (in case of no reply).


nx9500-6C8809(config-radius-server-policy-test)#proxy realm test1 server port 1025 secret 0 test1123
nx9500-6C8809(config-radius-server-policy-test)#proxy retry-count 4
nx9500-6C8809(config-radius-server-policy-test)#proxy retry-delay 8
nx9500-6C8809(config-radius-server-policy-test)#show context
radius-server-policy test
 proxy retry-delay 8
 proxy retry-count 4
 proxy realm test1 server port 1025 secret 0 test1123
 ldap-server primary host port 162 login "test" bind-dn "bind-dn1" base-dn "bas-dn1" passwd 0 test@123 passwd-attr test123 group-attr group1 group-filter "groupfilter1" group-membership groupmembership1 net-timeout 2

Related Commands

no Removes or resets the RADIUS proxy server‘s settings