RADIUS Profile Configuration
Subscriber management allows the configuration of a RADIUS profile, which is mandatory if RADIUS is used for authentication or accounting.
The way that the RADIUS profile configuration relates to all subscriber management configuration tasks is shown in the picture below.
Configuring the RADIUS Profile
```text
supervisor@switch: cfg> show config access radius-profile
  <profile-name>        Name of the RADIUS profile

supervisor@switch: cfg> show config access radius-profile radius-default
  <cr>
  accounting            RADIUS accounting options
  authentication        RADIUS authentication options
  nas-identifier        NAS identifier
  nas-ip-address        NAS IP address (IPv4 Address)
  nas-port-format       NAS-Port format
  nas-port-type         NAS-Port type
```
The following example shows a typical RADIUS profile for authentication and accounting.
```json
supervisor@switch: cfg> show config access radius-profile radius-default
{
  "rtbrick-config:radius-profile": {
    "profile-name": "radius-default",
    "nas-identifier": "BNG",
    "nas-port-type": "Ethernet",
    "authentication": {
      "radius-server-profile-name": [
        "radius-server-1",
        "radius-server-2"
      ]
    },
    "accounting": {
      "radius-server-profile-name": [
        "radius-server-1",
        "radius-server-2"
      ],
      "stop-on-reject": "true",
      "stop-on-failure": "true",
      "accounting-on-off": "true",
      "accounting-on-wait": "true",
      "accounting-backup": "true",
      "accounting-backup-max": 86400
    }
  }
}
```
Attribute | Description |
---|---|
nas-identifier | Set the value for the RADIUS attribute NAS-Identifier (32). Default: system hostname |
nas-ip-address | Set the value for RADIUS attribute NAS-IP-Address (4). Default: source IPv4 address |
nas-port-type | Set the value for RADIUS attribute NAS-Port-Type (61). Default: Ethernet |
nas-port-format | Set the format of the 32-bit RADIUS attribute NAS-Port (5). |
Configuring Authentication
```text
supervisor@switch: cfg> show config access radius-profile radius-default authentication
  <cr>
  algorithm-type                Authentication redundancy algorithm
  radius-server-profile-name    RADIUS server profile name
```
Attribute | Description |
---|---|
radius-server-profile-name | List of RADIUS servers used for authentication. |
algorithm-type | Authentication server selection algorithm as described in [RADIUS Redundancy]. Default: DIRECT Values: DIRECT, ROUND-ROBIN |
Configuring Accounting
```text
supervisor@switch: cfg> show config access radius-profile radius-default accounting
  <cr>
  accounting-backup             Enable backup accounting
  accounting-backup-max         Max backup accounting hold time in seconds
  accounting-on-off             Enable accounting on/off
  accounting-on-wait            Wait for an accounting-on response before sending authentication requests
  algorithm-type                Accounting redundancy algorithm
  radius-server-profile-name    RADIUS server profile name
  stop-on-failure               Send accounting-stop on failure
  stop-on-reject                Send accounting-stop on authentication reject
```
Attribute | Description |
---|---|
radius-server-profile-name | List of RADIUS servers used for accounting. |
algorithm-type | Accounting server selection algorithm as described in [RADIUS Redundancy]. Default: DIRECT Values: DIRECT, ROUND-ROBIN |
stop-on-failure | Send a RADIUS Accounting-Request stop if a failure occurs after authentication was accepted. Default: false |
stop-on-reject | Send a RADIUS Accounting-Request stop if authentication is rejected. Default: false |
accounting-on-off | Enable RADIUS Accounting-On/Off messages as described in [RADIUS Accounting]. Default: false |
accounting-on-wait | This option prevents any new subscriber until accounting has started, meaning that the Accounting-On response was received. Default: false |
accounting-backup | RADIUS accounting requests are often used for billing, so they should be stored and retried over a longer period (commonly up to 24 hours or more). This can optionally be enabled here. Default: false |
accounting-backup-max | This option defines the maximum backup accounting hold time in seconds if accounting-backup is enabled. Default: 3600 Range: 1 - 4294967295 |
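The following audit script is an added example, not RtBrick code: it checks a profile in the JSON form shown above against the values, defaults and ranges documented in the tables on this page. The function names, the two-server redundancy rule and the rule that accounting-on-wait needs accounting-on-off are assumptions of this example; the sample input is constructed.

```python
import json

ALGORITHMS = {"DIRECT", "ROUND-ROBIN"}   # values documented on this page
BACKUP_MAX = range(1, 4294967296)        # documented range 1 - 4294967295

def enabled(section, key):
    # Booleans appear as the strings "true"/"false"; absent means default false.
    return str(section.get(key, "false")).lower() == "true"

def audit_profile(doc):
    """Return sorted (severity, message) findings for one radius-profile."""
    prof = doc["rtbrick-config:radius-profile"]
    out = []
    for name in ("authentication", "accounting"):
        sec = prof.get(name, {})
        alg = sec.get("algorithm-type", "DIRECT")
        if alg not in ALGORITHMS:
            out.append(("error", f"{name}: unknown algorithm-type {alg}"))
        if len(sec.get("radius-server-profile-name", [])) < 2:
            # Policy of this example, not a vendor requirement.
            out.append(("warn", f"{name}: fewer than two servers, no redundancy"))
    acct = prof.get("accounting", {})
    hold = acct.get("accounting-backup-max")
    if hold is not None and (type(hold) is not int or hold not in BACKUP_MAX):
        out.append(("error", "accounting: accounting-backup-max out of range"))
    if not enabled(acct, "accounting-backup"):
        msg = "accounting: accounting-backup off, records are not held for retry"
        if hold is not None:
            msg += " (accounting-backup-max only applies when it is on)"
        out.append(("warn", msg))
    if enabled(acct, "accounting-on-wait") and not enabled(acct, "accounting-on-off"):
        # Assumption: waiting for an Accounting-On response needs on/off enabled.
        out.append(("warn", "accounting: accounting-on-wait without accounting-on-off"))
    return sorted(out)

# Constructed input: the page's profile altered to trigger each finding.
SAMPLE = json.loads("""
{"rtbrick-config:radius-profile": {
  "profile-name": "radius-default",
  "authentication": {"radius-server-profile-name": ["radius-server-1"],
                     "algorithm-type": "RANDOM"},
  "accounting": {"radius-server-profile-name": ["radius-server-1", "radius-server-2"],
                 "accounting-on-wait": "true",
                 "accounting-backup-max": 0}
}}""")

if __name__ == "__main__":
    for severity, message in audit_profile(SAMPLE):
        print(f"{severity:5} {message}")
```

Run against the example profile shown earlier on this page, the audit returns no findings.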