Table 19: RADIUS Parameters

| Parameter | Description |
| --- | --- |
| Enable State | Enable or disable RADIUS on the switch. |
| Primary Server | IP Address - Enter the IP address for the primary RADIUS server.<br>Shared Secret - Enter the shared secret the switch will use for encrypting and decrypting passwords. Make sure the primary server is configured with exactly the same characters (case sensitive). This value is itself encrypted and will not be displayed anywhere (Web Agent or CLI) once set. It can be changed by simply entering a new shared secret. |
| Secondary Server | IP Address - Enter the IP address for the secondary RADIUS server.<br>Shared Secret - Enter the shared secret the switch will use for encrypting and decrypting passwords. Make sure the secondary server is configured with exactly the same characters (case sensitive). This value is itself encrypted and will not be displayed anywhere (Web Agent or CLI) once set. It can be changed by simply entering a new shared secret. |
| Source IP Address | Enter an IP interface address the switch will use as the source IP address in the Access-Request messages. This value must be an IP interface address on the switch. If set, and the IP interface becomes disabled, RADIUS will not function because the switch will not be able to send or receive RADIUS messages. If left at 0.0.0.0 (the default), the switch automatically selects a source IP address from one of its active interfaces. If you use this default setting, you must add each of the switch IP addresses to the Client file on the RADIUS server, since you are not manually setting the source IP address. |
| Realm | Set this parameter only if realms are used on the RADIUS server for organizing user accounts. If so, enter the realm name for the user accounts that are authorized to log in to the Avaya switch. All user accounts that are authorized to log in to this switch must be assigned to the same realm. |
| Group | Enter the group name. The group name will be included in the Access-Request message sent to the RADIUS server. If you specify a group name, all user accounts must be assigned a group name on the RADIUS server and VSAs must be set for the user accounts. |
| Retry Number | Enter the number of times to resend the Access-Request message if the RADIUS server does not respond. |
| Retry Time | Enter the time (in seconds) to wait before resending an Access-Request message. |
| UDP Port | Enter the UDP port number that you want the switch to use for RADIUS authentication. The default value is 1812. Valid options are 1812 or 1645 only. |
| Switch-Service-Type Required | If this setting is enabled, the switch recognizes only Access-Accept messages that have the correct switch service type VSA (attribute 1). If this setting is disabled, the switch recognizes both the switch service type VSA and the service type standard RADIUS attribute (attribute 6). For the standard RADIUS attribute, the switch recognizes only two values:<br>- Administrative (value 6)<br>- NAS-Prompt (value 7), which the switch recognizes as read-only access. |