Profiles RADIUS
The RADIUS profile is used to define a cluster of RADIUS servers to be used for authentication of the UNI ports on the OLT. The RADIUS profile also allows a discriminator that is used to define the RADIUS authenticator based on a MAC and mask. This allows sending specific devices such as phones to a different authenticator.
RADIUS Profile Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Discriminator | Container | |||
| Aid-selector-list | List Container | |||
| Id | Int32 | N/A | Y |
Integer index of the discriminator list. |
| Aid-first | String | N/A | Y | Defines a template for port ID information. Typically only set by the EMS. |
| Count | Int32 | N/A | Y | The number of ports to apply this rule to. |
| Group-type | Enum | N/A | Y |
Bolt – Applies to all the olts |
| Rule-priority | Int32 | N/A | N | The priority to apply to the rule when conflicts in the rule existr. |
| Redundancy-mode | failover | roundrobin | failover | N | Failover – First server that answers is used until it fails, then move to the next. roundrobin – Each request is sent to a different server in a round robin fashion.. |
| Server-list | Container for list of servers. | |||
| Admin-state | enabled | disabled | enabled | N | Whether this RADIUS server entry is in use. If disabled, radius server is skipped. |
| Dae-admin-state | enabled | disabled | enabled | N | Whether dynamic authorization extensions are supported/allowed for this server.. |
| Dae-udp-port | 1..65535 | 3799 | N | The port to accept DAE requests on. |
| Nas-udp-port | 1..65535 | 1812 | N | The port to send RADIUS requests from.. |
| Server | String | N/A | N | The IP or hostname of the RADIUS server. |
| Server-udp-port | 1..65535 | 1812 | N | Port to use on the server. |
| Shared-key | ip address | hostname | N/A | N | The server secret key to be used to secure RADIUS communications. |
Note: * = required parameter. The required parameter name does not have to be entered in the command script. The system automatically recognizes the entered parameters by their placement.
- Command Path – tolt>profiles>radius-profiles>
- Module – tolt
- Container – profiles
- *Name – The name of the radius profile.
- Types –
- Container – radius-profile
- *Name – The name of the DSCP profile.
- Printable string (default N/A)
- Container – discriminator
- Container – Selector-list
- *id – Integer index of the discriminator list.
- int32 (default N/A)
- *aid-first – The AID of the first port to apply this to.
- string (default N/A)
- *Count – The number of ports to apply this rule to.
- int32 (default N/A)
- *group-type – Bolt – Applies to all of the olt, olt-mini – applies to all of olt, ont070 – applies to ONT70, ont120, ont121-w, ont121-wx, ont131-w, ont140, ont140-cl ont142-r, ont180, ont202, ont203-w, ont205, ont224, ont248, ont248-x, ont701, ont703, ont704, ont705, ont709, ont712, ont729, ont729-gp, ont734, ont742-g, ont742-gr, ontbasic
- enum (default N/A)
- *Rule-priority – The priority to apply to the rule when conflicts in the rule exist.
- int32 (default N/A)
- *Redundancy-mode –Failover – First server that answers is used until it fails, then move to the next.
roundrobin – Each request is sent to a different server in a round robin fashion.- failover | roundrobin (default Failover)
- *id – Integer index of the discriminator list.
- Container – oui-mac-discriminator
- *Index – Entry index in the table.
- 1..64 (default N)
- mac-address
- num-mask-bits
- *Index – Entry index in the table.
- Container – Selector-list
- Container – server-list .
- Admin-state – Whether this RADIUS server entry is in use. If disabled, radius server is skipped.
- enabled | disabled (default enabled)
- Dae-admin-state – Whether dynamic authorization extensions are supported/allowed for this server.
- enabled | disabled (default enabled)
- Dae-udp-port – The port to accept DAE requests on..
- 1..65535 (default 3799)
- Nas-udp-port – The DSCP code point at layer three.
- 1..65535 (default 1812)
- Server – The L2 pbit marking to associate with this DSCP code point. All DSCP code points without a map are assumed to be zero.
- ip address | hostname (default N/A)
- Server-udp-port – Port to use on the server.
- 1..65535 (default 1812)
- *Shared-key – The server secret key to be used to secure RADIUS communications.
- string (default N/A)
- Admin-state – Whether this RADIUS server entry is in use. If disabled, radius server is skipped.
- *Name – The name of the DSCP profile.
- Container – radius-profile
RADIUS Profile Creation Example
The following command will create a radius cluster.
- Command Path – tolt>profiles>radius-profiles>
- Module – tolt
- Container – profiles
- Types – Example Parameters
- Container – radius-profiles
- *Name – basic-radius-profile
- Container – server-list 1
- admin-state enabled
- ip-address 10.20.30.100 s
- server-udp-port 1812
- shared-key super-secret-key
- Container – server-list 2
- admin-state disabled
- dae-admin-state enabled
- dae-udp-port 3799 ip-address 10.20.30.100
- nas-udp-port 1812
- shared-key super-secret-key
- Container – radius-profiles
- From the MDS1-ESUA<config># command line, input tolt profiles radius-profiles basic-radius-profile, and press Enter.
- From the MDS1-ESUA<config-radius-profiles-basic-radius-profile)# command line, input server-list 1 and press Enter.
- From the MDS1-ESUA<config-server-list-1># command line, input admin-state enabled ip-address 10.20.30.100 server-udp-port 1812 shared-key super-secret-key and press Enter.
- From the MDS1-ESUA<config-server-list-1># command line, input exit and press Enter.
- From the MDS1-ESUA<config-radius-profiles-basic-radius-profile># command line, input server-list 2 and press Enter.
- From the MDS1-ESUA<config-server-list-2># command line, input admin-state disabled dae-admin-state enabled dae-udp-port 3799 ip-address 10.20.30.100 nas-udp-port 1812 shared-key super-secret-key and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<config># tolt profiles radius-profiles basic-radius-profile <enter> MDS1-ESUA<config-radius-profiles-basic-radius-profile># server-list 1 <enter> MDS1-ESUA<config-server-list-1># admin-state enabled ip-address 10.20.30.100 server-udp-port 1812 shared-key super-secret-key <enter> MDS1-ESUA<config-server-list-1># exit <enter> MDS1-ESUA<config-radius-profiles-basic-radius-profile># server-list 1 <enter> MDS1-ESUA<config-server-list-2># admin-state disabled dae-admin-state enabled dae-udp-port 3799 ip-address 10.20.30.100 nas-udp-port 1812 shared-key super-secret-key <enter> MDS1-ESUA(config-server-list-2># commit <enter> Commit complete. MDS1-ESUA<config-server-list-2># exit <enter> MDS1-ESUA<config-radius-profiles-basic-radius-profile># exit <enter> MDS1-ESUA<config>#_ |
RADIUS Profile Delete
The following command will delete a radius cluster.
- Command Path – no>tolt>profiles>radius-profiles>basic-radius-profile>
- Command – no
- Module – tolt
- Container – profiles
- Types – Example Parameters
- Container – radius-profiles
- *Name – basic-radius-profile
- Container – radius-profiles
- From the MDS1-ESUA<config># command line, input no tolt profiles radius-profiles basic-radius-profile, and press Enter.
- From the MDS1-ESUA<config># command line, input commit and press Enter.
- Outputs similar to the following are displayed:
MDS1-ESUA<config># no tolt profiles radius-profiles basic-radius-profile <enter> MDS1-ESUA<config># commit <enter> Commit complete. MDS1-ESUA<config>#_ |
RADIUS Profile Assignment
One or more RADIUS Profiles are assigned to a PAE profile. If more than one radius profile is assigned to the PAE profile, it must have a discriminator to allow the user to determine which RADIUS profile should be used.
- Command Path – tolt>profiles>pae-profiles>
- Module – tolt
- Container – profiles
- Container – pae-profiles
- Type – Example Parameter
- *Name – basic-pae
- radius-profile-list my-radius-cluster
- From the MDS1-ESUA<config># command line, input tolt profiles pae-profiles basic-pae radius-profile-list my-radius-cluster, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<config>#tolt profiles pae-profiles basic-pae admin-state enabled radius-profile-list radius-cluster<enter> MDS1-ESUA<config-pae-profiles basic-pae># commit<enter>Commit Complete MDS1-ESUA<config-pae-profiles basic-pae># exitMDS1-ESUA<config>#
FEEDBACK: Are you happy with this material?
Thank you Your feedback helps us to continually improve our content.