Cisco OL-15491-01 User Manual

Page 142

Advertising
background image

A-142

Cisco Content Services Gateway - 2nd Generation Release 2.0 Installation and Configuration Guide

OL-15491-01

Appendix A CSG2 Command Reference

ip csg radius proxy

You can also configure an optional RADIUS key.

If you configure a RADIUS key, the CSG2 parses and acts on a message only if the RADIUS
Authenticator is correct.

If you do not configure a RADIUS key, the CSG2 always parses and forwards every message.

You can specify more than one RADIUS key by specifying more than one ip csg radius proxy
command, but each command must specify a unique CSG2 IP address (or IP address-VRF name
combination, if VRF is configured).

All RADIUS messages are forwarded, unless the IP or User Datagram Protocol (UDP) headers specify
a length larger than the physical packet size.

CSG2 User Table entries created as a result of RADIUS messaging through the ip csg radius endpoint
definition with a VRF configured are indexed by the configured sub-vrf-name. This enables the CSG2
to segment the subscriber space and removes ambiguity if multiple subscribers share the same IP
address, provided that their entries were instantiated by RADIUS flows to CSG2 radius definitions
bound to different VRFs. If the sub-vrf-name is not configured, the User Table entries are indexed via
the global routing table.

Note

If your network is designed to check the authorization string in RADIUS messages, we recommend that
you enter a secret-string. Additionally, if you configure the ip csg entries user profile radius remove
command, you might need to configure a secret-string.

To change the RADIUS proxy csg-vrf-name, server-vrf-name, or sub-vrf-name associated with a given
csg-address, you must first enter the no form of the ip csg radius endpoint command for that
csg-address, then enter the command with the new csg-vrf-name, server-vrf-name, or sub-vrf-name.

Examples

The following example illustrates how to create a RADIUS proxy point:

ip csg radius proxy vrf RADIUSVRF 1.2.3.4 vrf SERVERVRF 5.6.7.8 1.2.3.4 key secret vrf

SUBVRF

Related Commands

Command

Description

ip csg radius endpoint

Identifies the CSG2 as an endpoint for RADIUS Accounting messages.

ip csg radius monitor
nas

Specifies that the CSG2 is to monitor the RADIUS flows to the specified
server.

ip csg radius userid

Specifies the RADIUS attribute used to extract the user identifier from a
RADIUS record.

Advertising
Popular Brands
Popular manuals