Configuring RADIUS authentication of gateway users

The Blue Cedar Connect Gateway can authenticate users using a RADIUS (Remote Authentication Dial In User Service) server. For a full description of available configuration attributes, see your RADIUS documentation.

To configure a RADIUS server for the gateway to authenticate its users, you must provide these details:

Set the auth-provider type as radius.
Set the name of the RADIUS provider—a list that contains at least one server.
Set the IP address of at least one RADIUS server.
Set the shared secret.

% set aaa auth-provider radius provider-name server search-order hostname host 
shared-secret shared-secret

BASH

For example:

% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 
shared-secret testing123

BASH

In addition to the above requirements, you can override the default values for authentication port and server timeout:

% set aaa auth-provider radius provider-name server search-order hostname host 
authentication-port port-number shared-secret shared-secret server-contact-timeout seconds

BASH

For example:

% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 authentication-port 1812 
shared-secret testing123 server-contact-timeout 10

BASH

Provider name	Value
radius provider-name	Required. Text string identifying the provider of RADIUS servers. You can configure only one provider, which can include several servers.
debug-log-enable	When enabled, save debug logs. true: log RADIUS debug info to the file /var/log/messages false: don't save RADIUS debug info
Server details	Set these parameters for each server in the RADIUS provider
server search-order	Use with hostname to specify URLs for backup RADIUS servers when the primary hostname is unreachable. For example: `% set aaa auth-provider radius MyRadius server 10 hostname primary-url shared-secret secret % set aaa auth-provider radius MyRadius server 20 hostname backup-url shared-secret secret` BASH
hostname host	IP address of the RADIUS server.
accounting-port port-number	The port number used for IKE RADIUS accounting.
authentication-port port-number	The port number the RADIUS server is listening on.
shared-secret shared-secret	The RADIUS shared secret, which is known to both the RADIUS client and server.
server-contact-timeout seconds	The number of seconds for the device to wait for a response from each RADIUS server before trying with a different server.