RADIUS Configuration

Owned by Tracy Yang (Unlicensed)
Apr 26, 2023
3 min read

As the RADIUS protocol is simple and scalable, it is the most widely used AAA protocol.

Configuring RADIUS 

Procedure

Step1         Enable RADIUS authentication and authorization.

    set system aaa radius authorization disable <true | false>

Step2         Configure IP address of RADIUS authentication and authorization server.

    set system aaa radius authorization server-ip <ipv4_address>

Step3         Configure port number of RADIUS authentication and authorization server.

    set system aaa radius authorization server-ip <ipv4_address> port <integer>

    By default, the port number of RADIUS authentication and authorization server is 1812. The value of port number should be the same with that on the RADIUS servers.  

Step4         Configure RADIUS authentication and authorization shared key.

    set system aaa radius authorization server-ip <ipv4_address> shared-key <string>

    The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.

Step5         Configure the source interface.

                   set system aaa radius source-interface <interface-name

Step6         Configure RADIUS authentication and authorization connection timeout.

    set system aaa radius authorization server-ip <ipv4_address> timeout <integer>

    By default, the value of RADIUS authentication and authorization connection timeout is 5 seconds.

Step7         Enable RADIUS accounting function.

    set system aaa radius accounting disable <true | false>

Step8         Configure RADIUS accounting server IP.

    set system aaa radius accounting server-ip <ipv4_address>

Step9         Configure port number of RADIUS accounting server.

    set system aaa radius accounting server-ip <ipv4_address> port <integer>

    By default, the port number of RADIUS accounting server is 1813. The value of port number should be the same with that on the RADIUS servers.    

Step10        Configure RADIUS accounting shared key.

    set system aaa radius accounting server-ip <ipv4_address> shared-key <string>

Step11      Configure RADIUS accounting connection timeout.

   set system aaa radius accounting server-ip <ipv4_address> timeout <integer>

Step12      Commit the configurations.

   commit

 Configuration Example

Networking Requirements

As shown in Figure 1, PC1, PC2, and PC3 connect to the internet through the PICA8 Switch. Configure RADIUS function on PICA8 Switch to accomplish authentication, authorization, and accounting of PC1, PC2, and PC3 through RADIUS server1 and RADIUS server2.

Figure 1. RADIUS Networking Topology

Procedure

Step1         Enable RADIUS authentication and authorization.

admin@XorPlus# set system aaa radius authorization disable false

Step2         Configure IP address of RADIUS authentication and authorization server.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5

Step3         Configure port number of RADIUS authentication and authorization server.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 port 1800
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 port 1800

    By default, the port number of RADIUS authentication and authorization server is 1812.

Step4         Configure RADIUS authentication and authorization shared key.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 shared-key pica8
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 shared-key pica8

    The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.

Step5         Configure the source interface.

admin@XorPlus# set system aaa radius source-interface eth0

Step6         Configure RADIUS authentication and authorization connection timeout.

admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 timeout 30
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 timeout 30

    By default, the value of RADIUS connection timeout is 5 seconds.

Step7         Enable RADIUS accounting.

admin@XorPlus# set system aaa radius accounting disable false

Step8         Configure IP address of RADIUS accounting server.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5

Step9         Configure port number of RADIUS accounting server.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 port 1801
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 port 1801

    By default, the port number of RADIUS accounting server is 1813.

Step10        Configure RADIUS accounting shared key.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 shared-key pica8
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 shared-key pica8

Step11      Configure RADIUS accounting connection timeout.

admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 timeout 30
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 timeout 30

Step12      Commit the configurations.

admin@XorPlus# commit

Check the Configuration

  •   You can use the show system aaa radius command to view the configuration information of RADIUS.
admin@XorPlus# show system aaa radius
radius {
        authorization {
            disable: false
            server-ip 10.10.51.4 {
                 timeout: 30
                port: 1800
            }
            server-ip 10.10.51.5 {
                timeout: 30
                port: 1800
            }
        }
        accounting {
            disable: false
            server-ip 10.10.51.4{
                timeout: 30
                port: 1801
            }
            server-ip 10.10.51.5 {
                timeout: 30
                port: 1801
            }
        }

Copyright © 2024 Pica8 Inc. All Rights Reserved.