WLC – Configure the MX to use RADIUS
Before you begin, be sure that you can contact the RADIUS servers on the network by sending the ping command to each one to verify connectivity.
MX# ping ip-addr
When a RADIUS server is used for authentication, you must configure RADIUS server parameters. For each RADIUS server, you must set the following parameters:
- Server name
- Password (key)
- IP address
For RADIUS servers without explicitly set dead times, timeout times, and transmission attempts, MSS sets the following values by default:
- Dead time – 0 (zero) minutes (The MX does not designate unresponsive RADIUS servers as unavailable.)
- Transmission attempts – 3
- Timeout (server response time) – 5 seconds
Configuring Global RADIUS Default Values
You can change RADIUS values globally and set a global password (key) with the following command. The key string is the shared secret that the MX uses to authenticate to the RADIUS server.
MX# set radius {deadtime minutes | encrypted-key string | key string | retransmit number | timeout seconds}
To reset the global RADIUS server settings to their factory defaults, use the following command:
MX# clear radius {deadtime | key | retransmit | timeout}
Setting the System IP Address as the Source Address
By default, RADIUS packets leaving the MX have the source IP address of the outbound interface on the MX. The source address can change when routing conditions change. If you set a system IP address for the MX, you can use it as a permanent source address for the RADIUS packets sent by the MX.
To set the MX system IP address as the source address in RADIUS client requests, type the following command:
MX# set radius client system-ip
To remove the MX system IP address as the source address in RADIUS client requests from the MX to the RADIUS server(s), type the following command:
MX# clear radius client system-ip
Configuring Individual RADIUS Servers
You must configure a name and IP address for each RADIUS server. To configure a RADIUS server, use the following command:
MX# set radius server server-name [address ip-addr] [key string]
The server name must be unique for this RADIUS server on the MX. Do not use the same name for a RADIUS server and a RADIUS server group. The key (password) string is the shared secret that the MX uses to authenticate to the RADIUS server.
You must configure RADIUS servers into RADIUS server groups before you can access them.
Configuring RADIUS Server Groups
A RADIUS server group is a group of up to four RADIUS servers. You must declare all members of a server group, in contact order, when you create the group.
To create a RADIUS server group, type the following command:
MX# set server group group-name members [server-name1] [server-name2] [server-name3] [server-name4]
Ordering Server Groups
You can configure up to four methods for authentication, authorization, and accounting (AAA). AAA methods can be the local database on the MX or one or more RADIUS server groups. The MX uses the AAA methods in the order in which you enter them.
In most cases, if the first method results in a pass or fail, the evaluation is final. If the first method does not respond or results in an error, the MX attempts the second method, and so on.
However, if the local database is the first method in the list, followed by a RADIUS server group, the MX responds to a failed search of the database by sending a request to the subsequent RADIUS server group. This is called local override.
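The ordering rules above, modelled as an added example (not code from MSS or from the original post). The method names, the Result values and the per-method outcomes are constructed for illustration; applying the pass/fail-is-final rule to every method that answers, and reporting NO_RESPONSE when no method gives a verdict, are assumptions of this model.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    FAIL = "fail"
    NO_RESPONSE = "no-response"  # method timed out or returned an error

LOCAL = "local"  # label used in this model for the MX local database

def evaluate(methods, outcomes):
    """Walk the AAA methods in configured order; return (decision, trace).

    methods  -- one to four method names, in the order they were entered
    outcomes -- constructed map: method name -> Result it would return
    """
    if not 1 <= len(methods) <= 4:
        raise ValueError("the MX accepts up to four AAA methods")
    trace = []
    for i, name in enumerate(methods):
        result = outcomes[name]
        trace.append((name, result))
        if result is Result.PASS:
            return Result.PASS, trace
        if result is Result.FAIL:
            followed_by_radius = i + 1 < len(methods) and methods[i + 1] != LOCAL
            # Local override: a failed search of the local database, when it
            # is the first method and a RADIUS group follows, is not final.
            if i == 0 and name == LOCAL and followed_by_radius:
                continue
            return Result.FAIL, trace
        # NO_RESPONSE: try the next method in the list
    return Result.NO_RESPONSE, trace  # assumption: no method gave a verdict

if __name__ == "__main__":
    # Constructed case: the user fails locally but the RADIUS group accepts.
    sample = {LOCAL: Result.FAIL, "radius-grp-a": Result.PASS}
    for order in ([LOCAL, "radius-grp-a"], ["radius-grp-a", LOCAL]):
        decision, trace = evaluate(order, sample)
        print(order, "->", decision.value, [(n, r.value) for n, r in trace])
```

With the local database listed first, a user who fails the local search can still be passed by the RADIUS group, so removing a local account alone does not block that user.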
Hope you will like my post. Configure the MX to use RADIUS. Please share with others.
The post WLC – Configure the MX to use RADIUS appeared first on eBrahma.