Configuring RADIUS
Configuring RADIUS
RADIUS is commonly used in enterprise and service provider networks to authenticate and authorize users before granting them access to network services.
In SONiC NOS, RADIUS is supported to achieve a crucial role in securing and managing network access by providing a centralized authentication, authorization, and accounting framework. SONiC switch performs a Client - network access server (NAS) role.
Global Level:
Reference
Command
[no] radius [auth-type <<chap|pap|mschapv2> default pap>] [nasip ] [key ] [source-ip ] [retransmit ] [timeout ]
Description
Configure RADIUS
Parameters
auth-type, nasip, key, source-ip, retransmit, timeout
Mode
CONFIG
Example
pbnoscli(config)# radius
<cr>
auth-type Authentication type, default pap
key Add key
nasip NAS IP address
retransmit Number of retries, default 3
source-ip source ip address
timeout Transmission timeout interval <1-60>, default 5
pbnoscli(config)# radius timeout 60
pbnoscli(config)# radius source-ip 10.4.4.52
pbnoscli(config)# radius key testing123
pbnoscli(config)# end
You can verify the configuration by using the command(s) below:
pbnoscli# show radius
RADIUS global auth_type pap
RADIUS global passkey *****
RADIUS global timeout 5
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52
RADIUS global retransmit 3
===========================================================================================================================================
IP Auth_type Passkey Auth-port Priority source-intf retransmit Timeout
===========================================================================================================================================
10.4.4.11 pap N/A 1812 1 N/A 3 5
pbnoscli#
Server Level
Reference
Command
[no] radius-server host key [auth-type <chap|pap|mschapv2> default pap] [auth-port <range[1:65535] default 1812>] [priority <integer default 1>] source-intf [retransmit ] [timeout ]
Description
Configure RADIUS
Parameters
auth-type, auth-port, priority,source-interface, retransmit, timeout
Mode
CONFIG
Example
pbnoscli# configure terminal
pbnoscli(config)# radius
host Add host
pbnoscli(config)# radius-server host
<ipaddr> A.B.C.D
<ip6addr> A:B::C:D
pbnoscli(config)# radius-server host 10.4.4.11
You can verify the configuration by using the command(s) below:
pbnoscli# show radius 10.4.4.11
RADIUS global auth_type pap
RADIUS global passkey *****
RADIUS global timeout 5
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52
RADIUS global retransmit 3
===========================================================================================================================================
IP Auth_type Passkey Auth-port Priority source-intf retransmit Timeout
===========================================================================================================================================
10.4.4.11 pap N/A 1812 1 N/A 3 5
pbnoscli#
Last updated
Was this helpful?