Configuring RADIUS

Configuring RADIUS

​RADIUS is commonly used in enterprise and service provider networks to authenticate and authorize users before granting them access to network services.

In SONiC NOS, RADIUS is supported to achieve a crucial role in securing and managing network access by providing a centralized authentication, authorization, and accounting framework. SONiC switch performs a Client - network access server (NAS) role.

RADIUS is not supported on these platforms: EdgeCore AS5812 & EdgeCore AS7712

Global Level:

Reference

Command	[no] radius [auth-type <<chap|pap|mschapv2> default pap>] [nasip ] [key ] [source-ip ] [retransmit ] [timeout ]
Description	Configure RADIUS
Parameters	auth-type, nasip, key, source-ip, retransmit, timeout
Mode	CONFIG

Example

pbnoscli(config)# radius 
  <cr>
  auth-type             Authentication type, default pap
  key                   Add key
  nasip                 NAS IP address
  retransmit            Number of retries, default 3
  source-ip             source ip address
  timeout               Transmission timeout interval <1-60>, default 5
pbnoscli(config)# radius timeout 60
pbnoscli(config)# radius source-ip 10.4.4.52
pbnoscli(config)# radius key testing123
pbnoscli(config)# end

​​You can verify the configuration by using the command(s) below:

pbnoscli# show radius 
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#

Server Level

Reference

Command	[no] radius-server host key [auth-type <chap|pap|mschapv2> default pap] [auth-port <range[1:65535] default 1812>] [priority <integer default 1>] source-intf [retransmit ] [timeout ]
Description	Configure RADIUS
Parameters	auth-type, auth-port, priority,source-interface, retransmit, timeout
Mode	CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# radius 
  host                  Add host
pbnoscli(config)# radius-server host 
  <ipaddr>              A.B.C.D
  <ip6addr>             A:B::C:D
pbnoscli(config)# radius-server host 10.4.4.11  

You can verify the configuration by using the command(s) below:

pbnoscli# show radius 10.4.4.11
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#