RADIUS Server Settings
The parameters you set for individual RADIUS servers identify the RADIUS server, establish a password common to the Oracle® Enterprise Session Border Controller and the server, and establish retry timing.
Setting the class and the authentication methods for the RADIUS servers can determine how and when they are used in the authentication process.
To configure a RADIUS server to use for authentication:
- Access the RADIUS server submenu from the main authentication configuration:
  ORACLE(authentication)# radius-servers
  ORACLE(radius-servers)#
- address—Set the remote IP address for the RADIUS server. There is no default value, and you are required to configure this address.
- port—Set the port at the remote IP address for the RADIUS server. The default port is set to 1812. The valid values are:
  - 1645 | 1812
- state—Set the state of the RADIUS server. Enable this parameter to use this RADIUS server to authenticate users. The default value is enabled. The valid values are:
  - enabled | disabled
- secret—Set the password that the RADIUS server and the Oracle® Enterprise Session Border Controller share. This password is transmitted between the two when the request for authentication is initiated; this ensures that the RADIUS server is communicating with the correct client.
- nas-id—Set the NAS ID for the RADIUS server. There is no default for this parameter.
- retry-limit—Set the number of times that you want the Oracle® Enterprise Session Border Controller to retry for authentication information from this RADIUS server. The default value is 3. The valid range is:
  - Minimum—1
  - Maximum—5
  If the RADIUS server does not respond within this number of tries, the Oracle® Enterprise Session Border Controller marks it as dead.
- retry-time—Set the amount of time (in seconds) that you want the Oracle® Enterprise Session Border Controller to wait before retrying for authentication from this RADIUS server. The default value is 5. The valid range is:
  - Minimum—5
  - Maximum—10
- dead-time—Set the amount of time in seconds before the Oracle® Enterprise Session Border Controller retries a RADIUS server that it has designated as dead because that server did not respond within the maximum number of retries. The default is 10. The valid range is:
  - Minimum—10
  - Maximum—10000
- maximum-sessions—Set the maximum number of outstanding sessions for this RADIUS server. The default value is 255. The valid range is:
  - Minimum—1
  - Maximum—255
- class—Set the class of this RADIUS server as either primary or secondary. A connection to the primary server is tried before a connection to the secondary server is tried. The default value is primary. Valid values are:
  - primary | secondary
  The Oracle® Enterprise Session Border Controller tries to initiate contact with primary RADIUS servers first, and then tries the secondary servers if it cannot reach any of the primary ones.
  If you configure more than one RADIUS server as primary, the Oracle® Enterprise Session Border Controller chooses the one with which it communicates using a round-robin strategy. The same strategy applies to the selection of secondary servers if there is more than one.
- authentication-methods—Set the authentication method you want the Oracle® Enterprise Session Border Controller to use with this RADIUS server. The default value is pap. Valid values are:
  - all | pap | chap | mschapv2
  This parameter has a specific relationship to the global protocol parameter for the authentication configuration, and you should exercise care when setting it. If the authentication method that you set for the RADIUS server does not match the global authentication protocol, then the RADIUS server is not used. The Oracle® Enterprise Session Border Controller simply overlooks it and does not send authentication requests to it. You can enable use of the server by changing the global authentication protocol so that it matches.
- Use the management-servers attribute to identify one or more RADIUS servers available to provide AAA services.
  Servers are identified by IP address, participate in the configured management-strategy, and must have been previously configured as described above.
  The following example identifies three available RADIUS servers. The list is delimited by left and right parentheses, and list items are separated by space characters.
  ORACLE(authentication)# management-servers (172.30.0.6 172.30.1.8 172.30.2.10)
  ORACLE(authentication)#
  The following example deletes the current list.
  ORACLE(authentication)# management-servers ()
  ORACLE(authentication)#
- Save your work and activate your configuration.
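The following is an added example, not Oracle code: it audits a planned server list against the value ranges above and flags servers that would be skipped because authentication-methods does not match the global protocol, plus management-servers entries that were never configured. The dict layout, the audit function name, and treating "all" as matching any global protocol are assumptions.

```python
import ipaddress

# Limits and defaults as documented on this page; the dict layout is an assumption.
RANGES = {"retry-limit": (1, 5), "retry-time": (5, 10),
          "dead-time": (10, 10000), "maximum-sessions": (1, 255)}
ENUMS = {"port": {1645, 1812}, "state": {"enabled", "disabled"},
         "class": {"primary", "secondary"},
         "authentication-methods": {"all", "pap", "chap", "mschapv2"}}
DEFAULTS = {"port": 1812, "state": "enabled", "retry-limit": 3, "retry-time": 5,
            "dead-time": 10, "maximum-sessions": 255, "class": "primary",
            "authentication-methods": "pap"}

def audit(servers, global_protocol, management_servers):
    """Return (findings, usable); usable maps class -> addresses that will be tried."""
    findings, configured = [], set()
    usable = {"primary": [], "secondary": []}
    for raw in servers:
        s = {**DEFAULTS, **raw}
        addr = str(s.get("address"))
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{addr}: address is required and must be an IP address")
            continue
        configured.add(addr)
        for key, allowed in ENUMS.items():
            if s[key] not in allowed:
                findings.append(f"{addr}: {key}={s[key]!r} is not a valid value")
        for key, (lo, hi) in RANGES.items():
            if not lo <= s[key] <= hi:
                findings.append(f"{addr}: {key}={s[key]} is outside {lo}-{hi}")
        method = s["authentication-methods"]
        # Assumption: "all" matches whatever the global protocol is.
        if method not in ("all", global_protocol):
            findings.append(f"{addr}: authentication-methods={method} does not match "
                            f"global protocol {global_protocol}; server is not used")
        elif s["state"] == "enabled" and s["class"] in usable:
            usable[s["class"]].append(addr)
    for addr in management_servers:
        if addr not in configured:
            findings.append(f"{addr}: in management-servers but not configured")
    return findings, usable

# Constructed sample input (addresses reuse the management-servers example above).
SAMPLE = [{"address": "172.30.0.6"},
          {"address": "172.30.1.8", "authentication-methods": "chap", "retry-limit": 9},
          {"address": "172.30.2.10", "class": "secondary", "authentication-methods": "all"}]
findings, usable = audit(SAMPLE, "pap", ["172.30.0.6", "172.30.1.8", "172.30.9.9"])
print("\n".join(findings), usable, sep="\n")
```

With the global protocol set to pap, the sample leaves only one primary and one secondary server in use, which is worth knowing before you rely on the second primary for failover.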