RADIUS Authentication and Authorization Enhancements

The RADIUS client software sends authentication requests using standard mechanisms for PAP, CHAP (RFC 2865 (13)) and EAP (RFC 3579 (12)).

his feature introduces authentication retransmission algorithm capability, which uses two retransmission algorithms in combination: Back-off Round Robin, and simple Round Robin. These retransmission algorithms provide server redundancy.

Eight authentication servers are now supported.

Supported Platforms

  • BlackDiamond X8 and BlackDiamond 8800 series switches
  • Summit X770, X670, X670-G2, X480, X460, X460-G2, X450-G2, X440, and X430 series switches
  • E4G-200 and E4G-400 cell site routers

New CLI Commands

configure radius algorithm [standard | round-robin]

configure radius algorithm [standard | round-robin]

unconfigure radius-accounting [server index]

unconfigure radius [server index]

Changed CLI Commands

Changes are underlined.

configure radius {mgmt-access | netlogin} [primary | secondary | index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}

configure radius [primary | secondary index] shared-secret {encryptedencrypted_secret | secret}

configure radius-accounting {mgmt-access | netlogin} [primary | secondary |index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}

show radius {mgmt-access | netlogin} {primary | secondary | index}

show radius-accounting {mgmt-access | netlogin} {primary | secondary | index}