Secure Radius Connection
The ESBC can connect to a Radius server over a secure
IPSec/IKEv2 connection over a media interface.
Note:
You must have the IPSec license installed to enable Radius over a secure IPSec/IKEv2 connection.To properly configure a secure Radius connection, the following config
elements and parameters must be configured:
- security,
authentication
- type (set to radius)
- server-assigned-privilege (set to enabled)
- authentication-over-ipsec (set to enabled)
- management-servers
- security,
authentication,
radius-server
- address (the Radius server IP)
- secret
- nas-id
- realm-id
- security,
ike,
ike-config
- log-level
- phase1-dh-mode
- phase2-exchange-mode
- red-port-options
- security,
ike,
ike-interface
- ike-version (set to 2)
- address
- realm-id
- ike-mode
- esnSupport (set to enabled)
- shared-password
- eap-protocol
- security,
ike,
ike-sainfo
- name
- tunnel-local-addr
- tunnel-remote-addr
- security,
ipsec,
security-policy
- name
- network-interface
- priority
- local-ip-addr-match
- remote-ip-addr-match
- ike-sainfo-name