Skip to main content
Skip table of contents

Configuring RADIUS authentication of gateway users

The Blue Cedar Connect Gateway can authenticate users using a RADIUS (Remote Authentication Dial In User Service) server. For a full description of available configuration attributes, see your RADIUS documentation. 

To configure a RADIUS server for the gateway to authenticate its users, you must provide these details:

  • Set the auth-provider type as radius. 
  • Set the name of the RADIUS provider—a list that contains at least one server.
  • Set the IP address of at least one RADIUS server.
  • Set the shared secret.
BASH 
% set aaa auth-provider radius provider-name server search-order hostname host 
shared-secret shared-secret

For example:

BASH 
% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 
shared-secret testing123

In addition to the above requirements, you can override the default values for authentication port and server timeout:

BASH 
% set aaa auth-provider radius provider-name server search-order hostname host 
authentication-port port-number shared-secret shared-secret server-contact-timeout seconds


For example:

BASH 
% set aaa auth-provider radius MyRadius server 10 hostname 10.99.99.65 authentication-port 1812 
shared-secret testing123 server-contact-timeout 10


Provider nameValue
radius provider-nameRequired. Text string identifying the provider of RADIUS servers. You can configure only one provider, which can include several servers.
debug-log-enable

When enabled, save debug logs. 

  • true: log RADIUS debug info to the file /var/log/messages
  • false: don't save RADIUS debug info
Server detailsSet these parameters for each server in the RADIUS provider
server search-order

Use with hostname to specify URLs for backup RADIUS servers when the primary hostname is unreachable. For example:

BASH 
% set aaa auth-provider radius MyRadius server 10 hostname primary-url 
  shared-secret secret
% set aaa auth-provider radius MyRadius server 20 hostname backup-url 
  shared-secret secret
hostname host

IP address of the RADIUS server.

accounting-port port-numberThe port number used for IKE RADIUS accounting.
authentication-port port-numberThe port number the RADIUS server is listening on.
shared-secret shared-secretThe RADIUS shared secret, which is known to both the RADIUS client and server.
server-contact-timeout seconds

The number of seconds for the device to wait for a response from each RADIUS server before trying with a different server.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close