Operation Manual
RADIUS, LDAP, and Server Groups Commands
Mobility System Software Command Reference Guide
Version 7.3
17 – 434
Defaults
Default values are listed below:
❑ auth-port—UDP port 1812
❑ acct-port—UDP port 1813
❑ timeout—5 seconds
❑ retransmit—3 (the total number of attempts, including the first attempt)
❑ deadtime—0 (zero) minutes (The MX does not designate unresponsive RADIUS servers as
unavailable.)
❑ key—No key
❑ encrypted-key—No key
❑ author-password—trapeze
Access
Enabled.
History
Usage
For a given RADIUS server, the first instance of this command must set both the server
name and the IP address and can include any or all of the other optional parameters. Subsequent
instances of this command can be used to set optional parameters for a given RADIUS server.
To configure the server as a remote authenticator for the MX switch, you must add it to a server
group with the set server group command.
Do not use the same name for a RADIUS server and a RADIUS server group.
Examples
To set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default
accounting and authorization ports with a timeout interval of 30 seconds, two transmit attempts,
5 minutes of dead time, a key string of keys4u, and the default authorization password of trapeze,
type the following command:
MX-20# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U
See Also
❑ set authentication admin on page 164
deadtime minutes
Number of minutes the MX waits after declaring an unresponsive RADIUS server unavailable before retrying that RADIUS server. Specify between 0 (zero) and 1440 minutes (24 hours). A zero value causes the MX to identify unresponsive servers as available.

key string | encrypted-key string
Password (shared secret key) the MX uses to authenticate to RADIUS servers. You must provide the same password that is defined on the RADIUS server. The password can be 1 to 64 characters long, with no spaces or tabs.
❑ Use the key option to enter the string in its unencrypted form. MSS encrypts the displayed form of the string in show config and show aaa output.
❑ To enter the string in its encrypted form instead, use the encrypted-key option. MSS does not encrypt the string you enter, and instead displays the string exactly as you enter it.

mac-addr-format hyphen|colons|one-hyphen|raw
Configures a MAC address format to be sent as a username to a RADIUS server for MAC authentication. The following formats can be specified:
❑ hyphens—12-34-56-78-9a-bc
❑ colons—12:34:56:78:9a:bc
❑ one-hyphen—123456-789abc
❑ raw—123456789abc

author-password password
Password used for authorization to a RADIUS server for MAC authentication. The client’s MAC address is sent as the username and the author-password string is sent as the password. Specify a password of up to 64 alphanumeric characters with no spaces or tabs.
Version 1.0 Command introduced
Version 4.2 encrypted-key option added
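
The following Python check is an added example, not part of the original manual or of MSS. It merges successive set radius server commands per server, applies the defaults listed above, and reports settings that fall outside the documented ranges or are still at their documented defaults. The function names are hypothetical, and server RS43 with its address and author-password value is constructed sample input.

```python
# Defaults as listed in this command reference.
DEFAULTS = {"auth-port": "1812", "acct-port": "1813", "timeout": "5",
            "retransmit": "3", "deadtime": "0", "author-password": "trapeze"}

def effective_servers(commands):
    """Merge all 'set radius server' lines into one settings dict per server."""
    servers = {}
    for line in commands.splitlines():
        tok = line.split()
        if tok and tok[0].endswith("#"):      # drop a CLI prompt such as "MX-20#"
            tok = tok[1:]
        if tok[:3] != ["set", "radius", "server"] or len(tok) < 4:
            continue
        name, rest = tok[3], tok[4:]
        if len(rest) % 2:
            raise ValueError(f"{name}: option without a value in {line!r}")
        opts = dict(zip(rest[0::2], rest[1::2]))
        if name not in servers:
            # The first instance must set both the server name and the IP address.
            if "address" not in opts:
                raise ValueError(f"{name}: first instance must set address")
            servers[name] = dict(DEFAULTS)
        servers[name].update(opts)            # later instances override earlier ones
    return servers

def audit(servers):
    """Return sorted (server, finding) pairs for settings worth a second look."""
    findings = []
    for name, s in servers.items():
        key = s.get("key")
        if key is None and "encrypted-key" not in s:
            findings.append((name, "no shared secret key"))
        elif key is not None and not 1 <= len(key) <= 64:
            findings.append((name, "key length outside 1-64 characters"))
        deadtime = int(s["deadtime"])
        if not 0 <= deadtime <= 1440:
            findings.append((name, "deadtime outside 0-1440 minutes"))
        elif deadtime == 0:
            findings.append((name, "deadtime 0: unresponsive server never marked unavailable"))
        if s["author-password"] == DEFAULTS["author-password"]:
            findings.append((name, "author-password left at default"))
    return sorted(findings)

# Constructed sample input (commands as typed, not output from a real MX).
SAMPLE = """\
MX-20# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U
MX-20# set radius server RS43 address 192.0.2.10
MX-20# set radius server RS43 author-password Xk29QmPz
"""

if __name__ == "__main__":
    for server, finding in audit(effective_servers(SAMPLE)):
        print(f"{server}: {finding}")
```

Because show config displays the key in encrypted form, feed the check the commands as entered (for example, from a change script) or rely on the encrypted-key branch.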