RADIUS Configuration
As the RADIUS protocol is simple and scalable, it is the most widely used AAA protocol.
Configuring RADIUS
Procedure
Step1 Enable RADIUS authentication and authorization.
set system aaa radius authorization disable <true | false>
Step2 Configure IP address of RADIUS authentication and authorization server.
set system aaa radius authorization server-ip <ipv4_address>
Step3 Configure port number of RADIUS authentication and authorization server.
set system aaa radius authorization server-ip <ipv4_address> port <integer>
By default, the port number of RADIUS authentication and authorization server is 1812. The value of port number should be the same with that on the RADIUS servers.
Step4 Configure RADIUS authentication and authorization shared key.
set system aaa radius authorization server-ip <ipv4_address> shared-key <string>
The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.
Step5 Configure the source interface.
set system aaa radius source-interface <interface-name>
Step6 Configure RADIUS authentication and authorization connection timeout.
set system aaa radius authorization server-ip <ipv4_address> timeout <integer>
By default, the value of RADIUS authentication and authorization connection timeout is 5 seconds.
Step7 Enable RADIUS accounting function.
set system aaa radius accounting disable <true | false>
Step8 Configure RADIUS accounting server IP.
set system aaa radius accounting server-ip <ipv4_address>
Step9 Configure port number of RADIUS accounting server.
set system aaa radius accounting server-ip <ipv4_address> port <integer>
By default, the port number of RADIUS accounting server is 1813. The value of port number should be the same with that on the RADIUS servers.
Step10 Configure RADIUS accounting shared key.
set system aaa radius accounting server-ip <ipv4_address> shared-key <string>
Step11 Configure RADIUS accounting connection timeout.
set system aaa radius accounting server-ip <ipv4_address> timeout <integer>
Step12 Commit the configurations.
commit
Configuration Example
Networking Requirements
As shown in Figure 1, PC1, PC2, and PC3 connect to the internet through the PICA8 Switch. Configure RADIUS function on PICA8 Switch to accomplish authentication, authorization, and accounting of PC1, PC2, and PC3 through RADIUS server1 and RADIUS server2.
Figure 1. RADIUS Networking Topology
Procedure
Step1 Enable RADIUS authentication and authorization.
admin@XorPlus# set system aaa radius authorization disable false
Step2 Configure IP address of RADIUS authentication and authorization server.
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5
Step3 Configure port number of RADIUS authentication and authorization server.
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 port 1800 admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 port 1800
By default, the port number of RADIUS authentication and authorization server is 1812.
Step4 Configure RADIUS authentication and authorization shared key.
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 shared-key pica8 admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 shared-key pica8
The value of RADIUS authentication and authorization shared key should be the same with that on the RADIUS server.
Step5 Configure the source interface.
admin@XorPlus# set system aaa radius source-interface eth0
Step6 Configure RADIUS authentication and authorization connection timeout.
admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.4 timeout 30 admin@XorPlus# set system aaa radius authorization server-ip 10.10.51.5 timeout 30
By default, the value of RADIUS connection timeout is 5 seconds.
Step7 Enable RADIUS accounting.
admin@XorPlus# set system aaa radius accounting disable false
Step8 Configure IP address of RADIUS accounting server.
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5
Step9 Configure port number of RADIUS accounting server.
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 port 1801 admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 port 1801
By default, the port number of RADIUS accounting server is 1813.
Step10 Configure RADIUS accounting shared key.
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 shared-key pica8 admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 shared-key pica8
Step11 Configure RADIUS accounting connection timeout.
admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.4 timeout 30 admin@XorPlus# set system aaa radius accounting server-ip 10.10.51.5 timeout 30
Step12 Commit the configurations.
admin@XorPlus# commit
Check the Configuration
- You can use the show system aaa radius command to view the configuration information of RADIUS.
admin@XorPlus# show system aaa radius radius { authorization { disable: false server-ip 10.10.51.4 { timeout: 30 port: 1800 } server-ip 10.10.51.5 { timeout: 30 port: 1800 } } accounting { disable: false server-ip 10.10.51.4{ timeout: 30 port: 1801 } server-ip 10.10.51.5 { timeout: 30 port: 1801 } }
Copyright © 2024 Pica8 Inc. All Rights Reserved.