Configure an External RADIUS Server

First begin configuring a RADIUS server group. See Configure a RADIUS Server Group.

To add an external RADIUS server, you require the IP address, authentication port number, and the shared secret for the RADIUS server.

This task is part of the network policy configuration workflow. Use this task to configure a RADIUS server for a RADIUS server group, as part of a network policy.

  1. On the Configure RADIUS Servers page, select EXTERNAL RADIUS SERVER.
  2. Select an existing server, or select Add.
  3. Type a Name for the server.
  4. Optional: Type a Description for the server.
  5. Select the IP/Host Name for the server.
    If you do not see the IP address that you need, select Add to define a new one (IPv4 or IPv6).

    If the address object is a host name, ensure that the devices can resolve it to an IP address. If you configure a domain name for the devices, or if the devices dynamically receive a domain name through DHCP, and the RADIUS server belongs to the same domain, the RADIUS server name can be just the host name without the domain name. If the RADIUS server belongs to a different domain, the address object must be the fully qualified domain name (FQDN): the host name + the domain name.

  6. For Server Type, choose the RADIUS server role:
    • Authentication: As an authentication server, the RADIUS service requests that the client device demonstrate its identity.
    • Port: Set the RADIUS authentication port.
    • Accounting: As an accounting server, the RADIUS service tracks client-server session details.
    • Port: Set the RADIUS accounting port number.
  7. Type the Shared Secret for authenticating communications with the RADIUS server.
  8. Optional: Select Show Password.
  9. Select SAVE EXTERNAL RADIUS.

Finish configuring the RADIUS server group.

9038923-00 Rev AB