RADIUS Server Settings

The parameters you set for individual RADIUS servers identify the RADIUS server, establish a password common to the Oracle® Enterprise Session Border Controller and the server, and establish trying times.

Setting the class and the authentication methods for the RADIUS servers can determine how and when they are used in the authentication process.

To configure a RADIUS server to use for authentication:

  1. Access the RADIUS server submenu from the main authentication configuration: 
    ORACLE(authentication)# radius-servers
ORACLE(radius-servers)#
  2. address—Set the remote IP address for the RADIUS server. There is no default value, and you are required to configure this address.
  3. port—Set the port at the remote IP address for the RADIUS server. The default port is set to 1812. The valid values are:

    • 1645 | 1812

  4. state—Set the state of the RADIUS server. Enable this parameter to use this RADIUS server to authenticate users. The default value is enabled. The valid values are:

    • enabled | disabled

  5. secret—Set the password that the RADIUS server and the Oracle® Enterprise Session Border Controller share. This password is transmitted between the two when the request for authentication is initiated; this ensures that the RADIUS server is communicating with the correct client.
  6. nas-id—Set the NAS ID for the RADIUS server. There is no default for this parameter.
  7. retry-limit—Set the number of times that you want the Oracle® Enterprise Session Border Controller to retry for authentication information from this RADIUS server. The default value is 3. The valid range is:

    • Minimum—1

    • Maximum—5

      If the RADIUS server does not respond within this number of tries, the Oracle® Enterprise Session Border Controller marks is as dead.

  8. retry-time—Set the amount of time (in seconds) that you want theOracle® Enterprise Session Border Controller to wait before retrying for authentication from this RADIUS server. The default value is 5. The valid range is:

    • Minimum—5

    • Maximum—10

  9. dead-time—Set the amount of time in seconds before the Oracle® Enterprise Session Border Controller retries a RADIUS server that it has designated as dead because that server did not respond within the maximum number of retries. The default is 10. The valid range is:

    • Minimum—10

    • Maximum—10000

  10. maximum-sessions—Set the maximum number of outstanding sessions for this RADIUS server. The default value is 255. The valid range is:

    • Minimum—1

    • Maximum—255

  11. class—Set the class of this RADIUS server as either primary or secondary. A connection to the primary server is tried before a connection to the secondary server is tried. The default value is primary. Valid values are:

    • primary | secondary

      The Oracle® Enterprise Session Border Controller tries to initiate contact with primary RADIUS servers first, and then tries the secondary servers if it cannot reach any of the primary ones.

      If you configure more than one RADIUS server as primary, the Oracle® Enterprise Session Border Controller chooses the one with which it communicates using a round-robin strategy. The same strategy applies to the selection of secondary servers if there is more than one.

  12. authentication-methods—Set the authentication method you want the Oracle® Enterprise Session Border Controller to use with this RADIUS server. The default value is pap. Valid values are:

    • all | pap | chap | mschapv2

      This parameter has a specific relationship to the global protocol parameter for the authentication configuration, and you should exercise care when setting it. If the authentication method that you set for the RADIUS server does not match the global authentication protocol, then the RADIUS server is not used. The Oracle® Enterprise Session Border Controller simply overlooks it and does not send authentication requests to it. You can enable use of the server by changing the global authentication protocol so that it matches.

  13. Use the management-servers attribute to identify one or more RADIUS servers available to provide AAA services.

    Servers are identified by IP address, participate in the configured management-strategy, and must have been previously configured as described above.

    The following example identifies three available RADIUS servers. The list is delimited by left and right parentheses, and list items are separated by space characters. 

    ORACLE(authentication)# management-servers (172.30.0.6 172.30.1.8 172.30.2.10)
ORACLE(authentication)#

    The following example deletes the current list. 

    ORACLE(authentication)# management-servers ()
ORACLE(authentication)#
  14. Save your work and activate your configuration.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents