Configuring RADIUS

RADIUS is commonly used in enterprise and service provider networks to authenticate and authorize users before granting them access to network services.

In SONiC NOS, RADIUS is supported to achieve a crucial role in securing and managing network access by providing a centralized authentication, authorization, and accounting framework. SONiC switch performs a Client - network access server (NAS) role.

RADIUS is not supported on these platforms: EdgeCore AS5812 & EdgeCore AS7712

Global Level:

Reference

Command

[no] radius [auth-type <<chap|pap|mschapv2> default pap>] [nasip ] [key ] [source-ip ] [retransmit ] [timeout ]

Description

Configure RADIUS

Parameters

auth-type, nasip, key, source-ip, retransmit, timeout

Mode

CONFIG

Example

pbnoscli(config)# radius 
  <cr>
  auth-type             Authentication type, default pap
  key                   Add key
  nasip                 NAS IP address
  retransmit            Number of retries, default 3
  source-ip             source ip address
  timeout               Transmission timeout interval <1-60>, default 5
pbnoscli(config)# radius timeout 60
pbnoscli(config)# radius source-ip 10.4.4.52
pbnoscli(config)# radius key testing123
pbnoscli(config)# end

You can verify the configuration by using the command(s) below:

pbnoscli# show radius 
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#

Server Level

Reference

Command

[no] radius-server host key [auth-type <chap|pap|mschapv2> default pap] [auth-port <range[1:65535] default 1812>] [priority <integer default 1>] source-intf [retransmit ] [timeout ]

Description

Configure RADIUS

Parameters

auth-type, auth-port, priority,source-interface, retransmit, timeout

Mode

CONFIG

Example

pbnoscli# configure terminal 
pbnoscli(config)# radius 
  host                  Add host
pbnoscli(config)# radius-server host 
  <ipaddr>              A.B.C.D
  <ip6addr>             A:B::C:D
pbnoscli(config)# radius-server host 10.4.4.11

You can verify the configuration by using the command(s) below:

pbnoscli# show radius 10.4.4.11
RADIUS global auth_type pap            
RADIUS global passkey *****          
RADIUS global timeout 5              
RADIUS global nasip <EMPTY_STRING> (Default)
RADIUS global source-ip 10.4.4.52      
RADIUS global retransmit 3              
===========================================================================================================================================
IP              Auth_type       Passkey         Auth-port       Priority        source-intf     retransmit      Timeout        
===========================================================================================================================================
10.4.4.11       pap             N/A             1812            1               N/A             3               5               
pbnoscli#

PreviousConfiguring TACACS NextConfigure Packet Timestamping

Last updated 1 year ago

hashtagConfiguring RADIUS

hashtagGlobal Level:

hashtagReference

hashtagExample

hashtagServer Level

hashtagReference

hashtagExample