In order for RADIUS authorization to function, RADIUS authentication must be enabled first. See Configuring RADIUS authentication.
In addition to the local configuration requirements, VSAs must be configured on the RADIUS server. See Vendor-specific attributes.
On the local router, use the following CLI commands to configure RADIUS authorization.
CLI syntax:
config>system>security
radius
authorization
The following displays a RADIUS authorization configuration example:
A:ALA-1>config>system>security# info
----------------------------------------------
...
radius
authorization
retry 5
timeout 5
server 1 address 10.10.10.103 secret "test1"
server 2 address 10.10.0.1 secret "test2"
server 3 address 10.10.0.2 secret "test3"
server 4 address 10.10.0.3 secret "test4"
exit
...
----------------------------------------------
A:ALA-1>config>system>security#