Common backend RADIUS server support

The dot1x RADIUS servers use the common backend RADIUS server. The common backend RADIUS server can be configured using the config>router>radius-server or config>service>vprn>radius-server contexts, and supports both IPv4 and IPv6 RADIUS connectivity.

These RADIUS servers can be placed under a RADIUS policy that is configured under config>aaa>radius-server-policy context. Multiple RADIUS servers can be added to a RADIUS server policy. See the radius-server-policy command description for more information.

The RADIUS policy can be assigned to a dot1x through radius-server-policy under dot1x configuration.

The following example shows the command usage for a base router configuration:

*A:swsim100>config>router>radius-server# server 1
  - no server <server-name>
  - server <server-name> [address <ip-address>] [secret <key >] [hash|hash2|
    custom] [create]
 <server-name>        : [32 chars max]
 <ip-address>         : ipv4-address   - a.b.c.d
                        ipv6-address   - x:x:x:x:x:x:x:x   (eight 16-bit
                                         pieces)
                                         x:x:x:x:x:x:d.d.d.d
                                         x - [0..FFFF]H
                                         d - [0..255]D
 <key >               : secret-key - [64 chars max]
                        hash-key
                        hash2-key
                        custom-key
 <hash|hash2|custom>  : keywords - specify hashing scheme
 <create>             : keyword

The following example shows the command usage for a service VPRN configuration:

*A:swsim100>config>service>vprn>radius-server# server 1
  - no server <server-name>
  - server <server-name> [address <ip-address>] [secret <key >] [hash|hash2|
    custom] [create]
 <server-name>        : [32 chars max]
 <ip-address>         : ipv4-address   - a.b.c.d
                        ipv6-address   - x:x:x:x:x:x:x:x   (eight 16-bit
                                         pieces)
                                         x:x:x:x:x:x:d.d.d.d
                                         x - [0..FFFF]H
                                         d - [0..255]D
 <key >               : secret-key - [64 chars max]
                        hash-key
                        hash2-key
                        custom-key
 <hash|hash2|custom>  : keywords - specify hashing scheme
 <create>             : keyword

After a server is configured, a RADIUS policy can be created from the configured servers. For server redundancy, there can be multiple servers for a policy.

The following is an example configuration output:

*A:swsim100>config>aaa# info
----------------------------------------------
        radius-server-policy "test" create
            servers
                router 60
                server 1 name "test"
                server 2 name "test2"
            exit
        exit

These RADIUS server policies can be configured against a port dot1x configuration using the dot1x radius-server-policy command.

*A:swsim100> configure port 1/1/c1/1 ethernet dot1x radius-server-policy "test"
Parent topic: RADIUS connectivity