1. Administrative Security Guide
  2. IKEv2 Support
  3. RADIUS Authentication
  4. Configuring RADIUS Authentication
  5. Configure a RADIUS Server

Configure a RADIUS Server

  1. Access the radius-servers configuration element. 
    ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# authentication
ORACLE(authentication)# radius-servers
ORACLE(radius-servers)#
  2. state—Set the operational state of this RADIUS authentication server.
    Retain the default value, enabled, to identify this RADIUS authentication server as operational. Use disabled to place this RADIUS authentication server in a non-operational mode.
  3. authentication-methods—Specify the authentication methods supported by this RADIUS authentication server.
    Valid values are:
    • pap
    • chap
    • mschapv2
    • eap
    • all
  4. address—Specify the IP address of this RADIUS authentication server.
  5. port—Specify the remote port monitored for RADIUS authentication requests.
    Valid values are:
    • 1645
    • 1812
  6. realm-id—Identify the realm that provides transport services to this RADIUS authentication server.
  7. secret—Specify the shared secret between the Oracle Communications Session Border Controller and this RADIUS authentication server.
  8. nas-id—Provide a string that uniquely identifies the OCSBC to this RADIUS authentication server.
    For example: 
    ORACLE(radius-servers)# nas-id nas-id-170-30-0-1
ORACLE(radius-servers)#
  9. retry-limit—Specify the number of times the OCSBC retransmits an unacknowledged authentication request to this RADIUS authentication server.
    • Min: 1
    • Max: 5
  10. retry-time—Specify the interval (in seconds) between unacknowledged authentication requests.
    • Min: 5
    • Max: 10
  11. dead-time—Specify the length (in seconds) of the quarantine period imposed an unresponsive RADIUS authentication server.
    • Min: 10
    • Max: 10000
  12. maximum-sessions—Specify the maximum number of outstanding sessions for this RADIUS authentication server.
    • Min: 1
    • Max: 255
  13. class—Select the RADIUS authentication server class, either primary or secondary.

    The OCSBC tries to initiate contact with primary RADIUS authentication servers first, and only turns to secondary RADIUS authentication servers if no primaries are available.

    If more than one RADIUS authentication server is designated as primary, the OCSBC uses a round-robin strategy to distribute authentication requests among available primaries.

  14. Type done to save your configuration.
  15. If necessary, configure additional RADIUS authentication servers.