Configure RADIUS Proxy

About this task

A user's access request is sent to a proxy server if it cannot be authenticated by a controller or service platform local RADIUS resources. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.

The RADIUS proxy appears to act as a RADIUS server to the NAS, whereas the proxy appears to act as a RADIUS client to the RADIUS server.

When the RADIUS server receives a request for a user name containing a realm, the server references a table of configured realms. If the realm is known, the server proxies the request to the RADIUS server. The behavior of the proxying server is configuration-dependent on most servers. In addition, the proxying server can be configured to add, remove, or rewrite requests when they are proxied.

To define a proxy configuration:

Procedure

  1. Go to Policies > RADIUS Server.
  2. Select a radius server and navigate to the Proxy dashboard.
  3. Configure the proxy settings:
    Setting Description
    Proxy Retries
    • Proxy Retry Delay - Type the Proxy server retry delay time in the Proxy Retry Delay field. Enter a value from 5 -10 seconds. This is the interval the RADIUS server waits before making an additional connection attempt. The default delay interval is 5 seconds
    • Proxy Retry Count - Type the Proxy server retry count value in the Proxy Retry Count field. Set the number of retries from 3 - 6 sent to proxy server before giving up the request. The default retry count is 3 attempts
    Realms Select Add to create a RADIUS server policy realm and network address.

    Select icon to delete an existing RADIUS service policy.

    Configure the following realms settings:
    • Realm Name - Assign a realm name in the Realm Name field. The realm name cannot exceed 50 characters. When the RADIUS server receives a request for a user name with a realm, the server references a table of realms. If the realm is known, the server proxies the request to the RADIUS server
    • IP Address - Provide the Proxy server IP address in the IP Address field. This is the address of server checking the information in the user access request and either accepting or rejecting the request on behalf of the local RADIUS server
    • Port Number - Type the TCP/IP port number for the server used as a data source for the proxy server. Use the spinner to select a value from 1024 and 65535. The default port is 1812
    • Shared Secret - Provide the RADIUS client shared secret password in the Shared Secret field. This password is for authenticating the RADIUS proxy

      Select the icon to reveal the shared secret's character string

    Select Add to include the realm in the proxy server.
  4. Select Save to update the changes.
9037026-00 Rev AB