configure radius dynamic-authorization server client-ip

configure radius dynamic-authorization index [nas-ip [ignore | require] | server [host_ipaddr | host_ipV6addr | hostname] {tls {tls_port}} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}

Description

This command configures up to eight RADIUS servers with dynamic authorization.
Note

Note

It is recommended to enable loopback mode on the VLAN associated with RADIUS if the RADIUS connectivity is established using a front panel port on a SummitStack.

Syntax Description

dynamic-authorization Specifies RADIUS dynamic authorization.
index RADIUS server index. Range: 1–2147483641.
nas-ip Specifies configuring the Network Access Server (NAS) IP Address requirement.
ignore Specifies to ignore the NAS-IP Address requirement.
require Specifies to require the NAS-IP Address (default).
server host_ipaddr host_ipV6addr Server IPv4 address in either IPv4 (host_ipaddr) or IPv6 (host_ipV6addr) format.
hostname The host name of the server being configured.
tls Specifies using Transmission Control Protocol (TCP).
tls_port The TLS port to use to contact the RADIUS authentication server.
client-ip client_ipaddr client_ipV6addr Client address in either IPv4 (client_ipaddr) or IPv6 format (client_ipV6addr).
vr vr_name Specifies the virtual router on which the client IP is located.
Note: User-created VRs are supported only on the platforms listed for this feature in the Switch Engine 32.2 Feature License Requirements document.
shared-secret Shared secret.
secret Secret string.
encrypted Password is encrypted.

Default

The virtual router used is VR-Mgmt, the management virtual router.

Usage Guidelines

Use this command to specify RADIUS server information.

Use of the hostname parameter requires that DNS be enabled.

The RADIUS server defined by this command is used for user name authentication and CLI command authentication.

Example

The following example configures a RADIUS dynamic authorization server with server index 100 on host "radius1" using the default UDP port (1812) for use by the RADIUS client on switch 10.10.20.30 using a virtual router interface of VR-Default:

configure radius dynamic-authorization 100 server radius1 client-ip 10.10.20.30 vr vr-Default

History

This command was first available in ExtremeXOS 22.1.

The nas-ip option with ignore and require variables were introducted in ExtremeXOS 31.3.

The tls keyword with tls_port variable was added in ExtremeXOS 31.4.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.