Configuring settings for all radius servers – Cisco 15327 User Manual

Ethernet Card Software Feature and Configuration Guide, R7.2

Chapter 19 Configuring Security for the ML-Series Card

Configuring RADIUS

Identifying the specific ML-Series card that sent the request to the server can be useful in debugging
from the server. The nas-ip-address is primarily used for validation of the RADIUS authorization and
accounting requests.

If this value is not configured, the nas-ip-address is filled in by the normal Cisco IOS mechanism using
the value configured by the ip radius-source command. If no value is specified, the best IP address
routable to the server is used. If no routable address is available, the IP address of the server is used.

Beginning in privileged EXEC mode, follow these steps to configure the nas-ip-address:

Step 1
Command: Router# configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: Router(config)# [no] ip radius nas-ip-address {hostname | ip-address}
Purpose: Specify the IP address or hostname of the attribute 4 (nas-ip-address) in the
RADIUS packet.
If there is only one ML-Series card in the ONS node, this command does
not provide any advantage. The public IP address of the ONS node serves
as the nas-ip-address in the RADIUS packet sent to the server.

Step 3
Command: Router(config)# end
Purpose: Return to privileged EXEC mode.

Step 4
Command: Router# show running-config
Purpose: Verify your settings.

Step 5
Command: Router# copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Configuring Settings for All RADIUS Servers

Beginning in privileged EXEC mode, follow these steps to configure global communication settings
between the ML-Series card and all RADIUS servers:

Step 1
Command: Router# configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: Router(config)# radius-server key string
Purpose: Specify the shared secret text string used between the ML-Series card and
all RADIUS servers.
Note: The key is a text string that must match the encryption key used on
the RADIUS server. Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use spaces in your key, do
not enclose the key in quotation marks unless the quotation marks
are part of the key.

Step 3
Command: Router(config)# radius-server retransmit retries
Purpose: Specify the number of times the ML-Series card sends each RADIUS
request to the server before giving up. The default is 3; the range is 1 to 1000.

Step 4
Command: Router(config)# radius-server timeout seconds
Purpose: Specify the number of seconds an ML-Series card waits for a reply to a
RADIUS request before resending the request. The default is 5 seconds; the
range is 1 to 1000.
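
How the shared key and attribute 4 (nas-ip-address) appear in a RADIUS Access-Request, as an added example that is not from the Cisco manual: it follows the RFC 2865 attribute layout and User-Password hiding, and shows that a server key missing the trailing space fails to recover the password. The user name, password, key, NAS address, packet identifier and Request Authenticator are constructed sample values.

```python
import hashlib
import socket
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, key: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(key + previous cipher block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(key + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, key: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(key + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    """Type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, req_auth, user, password, nas_ip, key) -> bytes:
    attrs = (attr(1, user)                                       # User-Name
             + attr(2, hide_password(password, key, req_auth))   # User-Password
             + attr(4, socket.inet_aton(nas_ip)))                # NAS-IP-Address
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def server_view(packet: bytes, server_key: bytes):
    """Return (NAS-IP-Address, password) as a server configured with server_key sees them."""
    attrs, pos = {}, 20
    while pos < len(packet):
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return socket.inet_ntoa(attrs[4]), unhide_password(attrs[2], server_key, packet[4:20])

# Constructed sample values (not from the manual).
REQ_AUTH = bytes(range(16))      # a real client uses 16 unpredictable bytes
CARD_KEY = b"ml card key "       # key with internal spaces and one trailing space
PACKET = build_access_request(7, REQ_AUTH, b"admin", b"s3cret-pw", "192.0.2.17", CARD_KEY)

if __name__ == "__main__":
    print(server_view(PACKET, b"ml card key "))   # matching key
    print(server_view(PACKET, b"ml card key"))    # trailing space dropped on the server
```

The NAS-IP-Address is readable with either key because attribute 4 is sent in the clear; only the User-Password recovery depends on the key matching byte for byte.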
