Remote Authentication Dial In User Service (RADIUS) over Transport Layer Security (TLS) is an option for transporting RADIUS packets over the secure, reliable, and connection-oriented TLS protocol as defined by RFC 6614.
Using RADIUS over TLS enables dynamic trust relationships between RADIUS servers. Up to eight (8) RADIUS servers are configurable. If all servers are configured as User Datagram Protocol (UDP), a round-robin algorithm determines which UDP server receives the initial transmission. If more than one TLS server is live, the highest-priority TLS server is chosen for the first transmission.
When a RADIUS server is configured for TLS:
When a mixture of UDP and TLS servers is configured, TLS takes priority. The UDP servers are used only if all TLS servers are down.
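The server-selection rules above (round-robin among UDP servers, highest-priority live TLS server first, UDP only as a fallback when every TLS server is down, at most eight servers), modelled as an added example; this is not ExtremeXOS code. It assumes that a lower configured index means higher priority and that the `live` flag reflects the switch's own liveness tracking of each server.

```python
"""Model of the RADIUS server selection rules (added example, not ExtremeXOS code).
Assumptions: lower index = higher priority; 'live' mirrors the switch's server
liveness tracking; both transports may be mixed in one configuration."""
from dataclasses import dataclass
from itertools import cycle
from typing import Iterator, List, Optional

MAX_SERVERS = 8  # up to eight RADIUS servers are configurable


@dataclass
class RadiusServer:
    host: str
    transport: str      # "udp" or "tls"
    index: int          # configured slot; lower index = higher priority (assumption)
    live: bool = True   # assumed result of the switch's liveness tracking


class ServerSelector:
    def __init__(self, servers: List[RadiusServer]) -> None:
        if not 1 <= len(servers) <= MAX_SERVERS:
            raise ValueError(f"between 1 and {MAX_SERVERS} servers must be configured")
        if any(s.transport not in ("udp", "tls") for s in servers):
            raise ValueError("transport must be 'udp' or 'tls'")
        self.servers = servers
        # Round-robin cursor over the UDP servers; only consulted when UDP is in
        # play (all-UDP deployment, or every TLS server is currently down).
        self._udp_cycle: Iterator[RadiusServer] = cycle(
            [s for s in servers if s.transport == "udp"])

    def select(self) -> Optional[RadiusServer]:
        """Return the server for the initial transmission, or None if none is live."""
        tls_live = [s for s in self.servers if s.transport == "tls" and s.live]
        if tls_live:
            # TLS takes priority over UDP; the highest-priority live TLS server wins.
            return min(tls_live, key=lambda s: s.index)
        # UDP is used only when no TLS server is live: round-robin over live UDP servers.
        if not any(s.transport == "udp" and s.live for s in self.servers):
            return None
        for candidate in self._udp_cycle:   # infinite cycle; a live entry exists
            if candidate.live:
                return candidate
        return None
```

Marking a TLS server as down in the model (setting `live = False`) shows the fall-through to the next TLS server and, only once all TLS servers are down, to the UDP round-robin.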
ExtremeSwitching X450-G2, X460-G2, X670-G2, X440-G2, X465, X590, X620, X690, X695, X870, 5420, 5520 series switches.
configure radius tls ocsp [on | off]
configure radius tls tcp-user-timeout [seconds | default]
configure radius {mgmt-access | netlogin} [primary | secondary | index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port | tls {tls_port}} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}
configure radius-accounting {mgmt-access | netlogin} [primary | secondary | index] server [host_ipaddr | host_ipV6addr | hostname] {udp_port | tls {tls_port}} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}