radius-server

Description                                                    Set RADIUS parameters, for authenticating administrative access to the ACOS device.

Syntax                                                                  [no] radius-server host {hostname | ipaddr} secret secret-string
  [acct-port protocol-port]
  [auth-port protocol-port]
  [retransmit num]
  [timeout seconds]

                                                                        [no] radius-server default-privilege-read-write

Parameter

Description

hostname | ipaddr

Hostname or IP address of the RADIUS server.

secret secret-string

Password, 1-128 characters, required by the RADIUS server for authentication requests.

acct-port protocol-port

Protocol port to which the ACOS device sends RADIUS accounting information.

The default port is 1813.

auth-port protocol-port

Protocol port to which the ACOS device sends authentication requests.

The default port is 1812.

retransmit num

Maximum number of times the ACOS device can resend an unanswered authentication request to the server. If the ACOS device does not receive a reply to the final request, the ACOS device tries the secondary server, if one is configured.

If no secondary server is available, or if the secondary server also fails to reply after the maximum number of retries, authentication fails and the admin is denied access.

You can specify 0-5 retries. The default is 3 retries.

timeout seconds

Maximum number of seconds the ACOS device will wait for a reply to an authentication request before resending the request. You can specify 1-15 seconds.

The default is 3 seconds.

default-privilege-read-write

Change the default privilege authorized by RADIUS from read-only to read-write. The default privilege is used if the Service-Type attribute is not used, or the A10 vendor attribute is not used.

This is disabled by default; if the Service-Type attribute is not used, or the A10 vendor attribute is not used, successfully authenticated admins are authorized for read-only access.

Default                                                                No RADIUS servers are configured by default. When you add a RADIUS server, it has the default settings described in the table above.

You can configure up to 2 RADIUS servers. The servers are used in the order in which you add them to the configuration. Thus, the first server you add is the primary server. The second server you add is the secondary (backup) server. Enter a separate command for each of the servers. The secondary server is used only if the primary server does not respond.

Mode                                                                   Configuration mode

Example                                                            The following commands configure a pair of RADIUS servers and configure the ACOS device to use them first, before using the local database. Since 10.10.10.12 is added first, this server will be used as the primary server. Server 10.10.10.13 will be used only if the primary server is unavailable.

ACOS(config)#radius-server host 10.10.10.12 secret radp1

ACOS(config)#radius-server host 10.10.10.13 secret radp2

ACOS(config)#authentication type radius local
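
The following is an added example, not part of the A10 documentation: a Python audit of radius-server lines against the ranges, two-server limit and read-only default described above. The function names, the constructed sample lines, the 1-65535 port check and the worst-case wait formula (one initial request plus "retransmit" resends per server, each waiting "timeout" seconds) are assumptions made for illustration.

```python
DEFAULTS = {"acct-port": 1813, "auth-port": 1812, "retransmit": 3, "timeout": 3}
RANGES = {"retransmit": (0, 5), "timeout": (1, 15)}   # ranges stated on this page
ROLES = ("primary", "secondary")                      # at most 2 servers, in order added

def audit(config_text):
    """Return (servers, findings); shared secrets are checked but never stored."""
    servers, findings = [], []
    for raw in config_text.splitlines():
        idx = raw.find("radius-server")
        if idx < 0 or raw[:idx].rstrip().endswith("no"):
            continue                                  # unrelated line, or a negated "no" form
        tok = raw[idx:].split()
        if tok[1:] == ["default-privilege-read-write"]:
            findings.append("default privilege is read-write: admins authenticated without "
                            "Service-Type or the A10 vendor attribute get write access")
            continue
        if len(tok) < 5 or tok[1] != "host" or tok[3] != "secret":
            findings.append(f"unparsed: {raw.strip()}")
            continue
        host, secret, opts = tok[2], tok[4], tok[5:]
        srv = dict(DEFAULTS, host=host)               # unset options keep the page's defaults
        if len(secret) > 128:
            findings.append(f"{host}: secret longer than 128 characters")
        for key, val in zip(opts[0::2], opts[1::2]):
            lo, hi = RANGES.get(key, (1, 65535))      # ports: assumed UDP range, not from the page
            if key in DEFAULTS and val.isdigit() and lo <= int(val) <= hi:
                srv[key] = int(val)
            else:
                findings.append(f"{host}: rejected '{key} {val}'")
        servers.append(srv)
    if len(servers) > len(ROLES):
        findings.append(f"{len(servers)} servers configured; the page allows up to 2")
    for role, srv in zip(ROLES, servers):             # first added is primary, second is backup
        srv["role"] = role
    return servers, findings

def worst_case_wait(servers):
    """Seconds before denial if no server replies (assumed: 1 + retransmit tries each)."""
    return sum((1 + s["retransmit"]) * s["timeout"] for s in servers[:len(ROLES)])

# Constructed input: the page's two example servers plus two risky variations.
SAMPLE = """\
ACOS(config)#radius-server host 10.10.10.12 secret radp1
ACOS(config)#radius-server host 10.10.10.13 secret radp2 retransmit 7
ACOS(config)#radius-server default-privilege-read-write
"""

if __name__ == "__main__":
    print(audit(SAMPLE)[1], worst_case_wait(audit(SAMPLE)[0]))
```

With the default settings on both servers, the assumed worst case is 24 seconds before an admin is denied access.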
