The Blue Cedar Connect Gateway can authenticate users using a RADIUS (Remote Authentication Dial In User Service) server. For a full description of available configuration attributes, see your RADIUS documentation. 

To configure a RADIUS server for the gateway to authenticate its users, you must provide these details:

  • Set the auth-provider type as radius. 
  • Set the name of the RADIUS provider—a list that contains at least one server.
  • Set the IP address of at least one RADIUS server.
  • Set the shared secret.
% set aaa auth-provider radius provider-name server search-order hostname host 
shared-secret shared-secret
BASH

For example:

% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 
shared-secret testing123
BASH

In addition to the above requirements, you can override the default values for authentication port and server timeout:

% set aaa auth-provider radius provider-name server search-order hostname host 
authentication-port port-number shared-secret shared-secret server-contact-timeout seconds
BASH


For example:

% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 authentication-port 1812 
shared-secret testing123 server-contact-timeout 10
BASH


Provider nameValue
radius provider-nameRequired. Text string identifying the provider of RADIUS servers. You can configure only one provider, which can include several servers.
debug-log-enable

When enabled, save debug logs. 

  • true: log RADIUS debug info to the file /var/log/messages
  • false: don't save RADIUS debug info
Server detailsSet these parameters for each server in the RADIUS provider
server search-order

Use with hostname to specify URLs for backup RADIUS servers when the primary hostname is unreachable. For example:

% set aaa auth-provider radius MyRadius server 10 hostname primary-url 
  shared-secret secret
% set aaa auth-provider radius MyRadius server 20 hostname backup-url 
  shared-secret secret
BASH
hostname host

IP address of the RADIUS server.

accounting-port port-numberThe port number used for IKE RADIUS accounting.
authentication-port port-numberThe port number the RADIUS server is listening on.
shared-secret shared-secretThe RADIUS shared secret, which is known to both the RADIUS client and server.
server-contact-timeout seconds

The number of seconds for the device to wait for a response from each RADIUS server before trying with a different server.