Secure Radius Connection

The ESBC can connect to a Radius server over a secure IPSec/IKEv2 connection over a media interface.

Note:

You must have the IPSec license installed to enable Radius over a secure IPSec/IKEv2 connection.

To properly configure a secure Radius connection, the following config elements and parameters must be configured:

• security, authentication
  • type (set to radius)
  • server-assigned-privilege (set to enabled)
  • management-servers
• security, authentication, radius-server
  • address (the Radius server IP)
  • secret
  • nas-id
  • realm-id
• security, ike, ike-config
  • log-level
  • phase1-dh-mode
  • phase2-exchange-mode
  • red-port-options
• security, ike, ike-interface
  • ike-version (set to 2)
  • address
  • realm-id
  • ike-mode
  • esnSupport (set to enabled)
  • shared-password
  • eap-protocol
• security, ike, ike-sainfo
  • name
  • tunnel-local-addr
  • tunnel-remote-addr
• security, ipsec, security-policy
  • name
  • network-interface
  • priority
  • local-ip-addr-match
  • remote-ip-addr-match
  • ike-sainfo-name