RADIUS is disabled by default and must be explicitly enabled. The mandatory commands to enable RADIUS on the local router are radius and server server-index address ip-address secret key. The server command adds a RADIUS server and configures the RADIUS server’s IP address, index, and key values. The index determines the sequence in which the servers are queried for authentication requests.
Also, the system IP address must be configured in order for the RADIUS client to work. See ‟Configuring a System Interface” in the 7705 SAR Router Configuration Guide.
The other commands are optional.
On the local router, use the following CLI commands to configure RADIUS authentication:
config>system>security
radius
port port
retry count
server server-index address ip-address secret key [hash1 | hash2]
timeout seconds
no shutdown The following example displays the CLI syntax usage:
config>system>security>
security# radius
security# no shutdown
security>radius# server 1 address A:A:A:A:A:A:A:1 secret test11
security>radius# server 2 address 10.10.0.1 secret test2
security>radius# server 3 address 10.10.0.2 secret test3
security>radius# server 4 address 10.10.0.3 secret test4
security>radius# retry 5
security>radius# timeout 5
config>system>security>radius# exitThe following example displays the RADIUS authentication configuration:
ALU-1>config>system>security# info
----------------------------------------------
retry 5
timeout 5
server 1 address A:A:A:A:A:A:A:1 secret "test1"
server 2 address 10.10.0.1 secret "test2"
server 3 address 10.10.0.2 secret "test3"
server 4 address 10.10.0.3 secret "test4"
...
----------------------------------------
ALU-1>config>system>security#