This task is part of the network policy configuration workflow. Use this task to configure RADIUS server settings for IQ Engine devices for a RADIUS server group, as part of a network policy.
and configure the following settings:
| Setting | Description |
|---|---|
| Retry Interval | Specify the time between retries for an unresponsive
primary RADIUS server Access-Request. The device retries the
primary server after the interval elapses, even if the
current backup server is responding. Range: 60–100000000 (seconds) Default: 600 Note: Do
not enter commas in this field. Enter 100,000,000 as
100000000.
|
| Accounting Interim Update Interval | Specify the interval for sending RADIUS accounting
updates to report the client session status and cumulative
length. Range: 10–100000000 (seconds) Default: 600 Note: Do not enter commas in this field. Enter
100,000,000 as 100000000.
|
| Permit Dynamic Change Of Authorization Messages (RFC 3576) | Enable the RADIUS server to dynamically change the authorization for a user, or to disconnect a user per RFC 3576. When you enable this parameter, devices acting as RADIUS authenticators can accept unsolicited disconnect and Change of Authorization (CoA) messages from a RADIUS authentication server, such as GuestManager, per RFC 3576. Disconnect messages terminate a user session immediately, and CoA messages modify session authorization attributes such as VLANs and user profile IDs. |
| Inject Operator-Name attribute | Select to include the Operator-Name attribute in the Access-Request and Accounting-Request messages that the Extreme Networks RADIUS authenticators send to the RADIUS authentication server. The attribute value is the domain name suffix of the Extreme Networks authenticator, usually assigned by DHCP, and helps to identify the authentication requests source. Providing source information like this can aid in troubleshooting authentication problems. |
| Message Authenticator attribute | The Message Authenticator attribute is an HMAC-MD5
checksum of the entire Access-Request packet, containing the
Type, ID, Length, and Authenticator field, using the shared
secret as the key. This ensures the authenticity and
integrity of the packet. ExtremeCloud IQ uses this attribute to authenticate RADIUS server replies, and to encrypt passwords. |
| Override default failover settings | Select this option to override the default RADIUS server
failover and retry interval. The retry interval is the
number of seconds between RADIUS server requests. Select Aggressive or Custom (Range 1-5). Set the First retry interval. (Default: 1) Set the Max-retries value, which is the maximum number or retries, before failing over to a configured backup RADIUS server. (Default: 3) |
Finish configuring the RADIUS server group.