configure radius-accounting server client-ip

configure radius-accounting { mgmt-access | netlogin } [ primary | secondary | index ] server [ host_ipaddr | host_ipV6addr | hostname] {udp_port | tls {tls_port}} client-ip [ client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}

Description

Configures the RADIUS accounting server.

Syntax Description

mgmt-access Specifies the RADIUS authentication server for switch management.
netlogin Specifies the RADIUS authentication server for network login.
primary Configures the primary RADIUS authentication server.
secondary Configures the secondary RADIUS authentication server.
index RADIUS server index. Range: 1 - 2147483641.
ipaddress The IP address of the server being configured.
host_ipV6addr Server IPv6 address.
hostname The host name of the server being configured.
udp_port The UDP port to use to contact the RADIUS authentication server.
tls Specifies using Transfer Layer Security (TLS).
tls_port The TLS port to use to contact the RADIUS accounting server.
ipaddress The IP address used by the switch to identify itself when communicating with the RADIUS authentication server.
client_ipV6addr Client IPv6 address.
vr_name Specifies the virtual router on which the client IP is located.
Note: User-created VRs are supported only on the platforms listed for this feature in the Switch Engine 32.2 Feature License Requirements document.
shared-secret Shared secret
secret Secret string.
encrypted Password is encrypted.

Default

The following lists the default behavior of this command:
  • The UDP port setting is 1813.
  • The TLS port setting is 2083.
  • The virtual router used is VR-Mgmt, the management virtual router.
  • Switch management and network login use the same RADIUS accounting server.

Usage Guidelines

Use this command to specify the radius accounting server.

The accounting server and the RADIUS authentication server can be the same.

Use of the hostname parameter requires that DNS be enabled.

Beginning with ExtremeXOS 11.2, you can specify one pair of RADIUS accounting servers for switch management and another pair for network login. To specify RADIUS accounting servers for switch management (Telnet, SSH, and console sessions), use the mgmt-access keyword. To specify RADIUS accounting servers for network login, use the netlogin keyword. If you do not specify a keyword, switch management and network login use the same pair of RADIUS accounting servers.

If you are running ExtremeXOS 11.1 or earlier and upgrade to ExtremeXOS 11.2, you do not lose your existing RADIUS accounting server configuration. Both switch management and network login use the RADIUS accounting server specified in the older configuration.

Example

The following example configures RADIUS accounting on host radius1 using the default UDP port (1813) for use by the RADIUS client on switch 10.10.20.30 using a virtual router interface of VR-Default for both management and network login:

configure radius-accounting primary server radius1 client-ip 10.10.20.30 vr vr-Default

The following example configures RADIUS accounting for network login on host netlog1 using the default UDP port for use by the RADIUS client on switch 10.10.20.31 using the default virtual router interface:

configure radius-accounting netlogin primary server netlog1 client-ip 10.10.20.31

History

This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

The index, host_ipV6addr, client_ipV6addr, shared-secret, and encrypted keywords were added in ExtremeXOS 16.1.

The tls keyword with tls_port variable was added in ExtremeXOS 31.4.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.