Use the Add/Edit RADIUS Server window to configure the RADIUS servers used in your ExtremeCloud IQ Site Engine applications. RADIUS servers can be used in ExtremeCloud IQ Site Engine server authentication configurations and in ExtremeControl AAA configurations.
You can access this window from the Manage RADIUS Servers window. Any changes made in this window are written immediately to the ExtremeCloud IQ Site Engine database.
- Response Window
- This setting is used by ExtremeControl when proxying a RADIUS request to a backend RADIUS server. ExtremeControl keeps a status on all backend RADIUS servers instead of going to the primary RADIUS server for every request. If a RADIUS server does not respond in the amount of time specified here, that server is marked as down until it can be verified as being up. See the Health Check section of the Advanced RADIUS Server Configuration window for information on how ExtremeControl determines the health of a RADIUS server.
Authentication Via ExtremeCloud IQ Site Engine or Captive Portal
- Timeout Duration
- The amount of time in seconds the ExtremeCloud IQ Site Engine server or ExtremeControl waits for the RADIUS server to respond to an authentication or accounting request. Valid values are 2-60 seconds. This setting is only used for logging into ExtremeCloud IQ Site Engine via RADIUS or logging into the ExtremeControl Captive Portal via RADIUS.
| NOTE: | The ExtremeControl engine times out a RADIUS server if it takes more than
"(retries +1) * timeout" or 20 seconds, whichever is greater, for the server to
respond. For example, if the number of retries is set to 1 and the timeout
duration is set to 2 (the default values), then the engine times out a
RADIUS server if it takes longer than 20 seconds to respond, because that is the
greater value (20 to 4). If the RADIUS server times out, then ExtremeControl fails over
to the backup RADIUS server until it determines that the primary server is back
up. At that point, ExtremeControl starts proxying RADIUS requests to the primary server
again. |
|---|
- Number of Retries
- The number of times the ExtremeCloud IQ Site Engine server or ExtremeControl engine resends an authentication or accounting request if the RADIUS server does not respond. Valid values are 0-20. This setting is only used for logging into ExtremeCloud IQ Site Engine via RADIUS or logging into the ExtremeControl Captive Portal via RADIUS.
Configuration
- UDP Button
- Select the UDP button to configure the UDP port on the RADIUS server to receive authentication and accounting requests.
NOTE: If you are enforcing to an ExtremeControl engine for an Extreme Management Center version prior to Version 8.5, you must use different ports to configure UDP Auth. and Accounting. UDP will not function if the Auth and Accounting are configured for the same port for previous versions of ExtremeCloud IQ Site Engine. -
- Auth. Client UDP Port
- The UDP port number (1-65535) on the RADIUS server that the ExtremeCloud IQ Site Engine server or ExtremeControl engine sends authentication requests to; 1812 is the default port number.
- Accounting Client UDP Port
- The UDP port number (1-65535) on the RADIUS server that the ExtremeControl engine sends accounting requests to; 1813 is the default port number.
- TCP Button
- Select the TCP button to configure the TCP port on the RADIUS server to receive authentication and accounting requests.
NOTE: For versions prior to ExtremeCloud IQ Site Engine Version 8.5, TCP settings are not supported and cannot be enforced to ExtremeControl engines. - Auth. Client TCP Port
- The TCP port number (1-65535) on the RADIUS server that the
ExtremeCloud IQ Site Engine server or ExtremeControl engine sends
authentication requests to; 1812 is the default port number.
- Accounting Client TCP Port
- The TCP port number (1-65535) on the RADIUS server that the
ExtremeControl engine sends accounting requests
to; 1813 is the default port number.
- RADSec Button
- Select the RADSec button to configure the TLS (Transport Layer Security) port on the RADIUS server to receive authentication and accounting requests.
NOTE: For versions prior to ExtremeCloud IQ Site Engine Version 8.5, TLS settings are not supported and cannot be enforced to ExtremeControl engines.
- Proxy RADIUS Accounting Requests
- Select this checkbox to enable the ExtremeControl engine to proxy RADIUS accounting requests to the RADIUS server. This option must be enabled if you are doing RADIUS accounting in an ExtremeControl environment where the primary RADIUS server is being used for redundancy in a single ExtremeControl engine configuration (Basic AAA configuration only).
Change Server Shared Secret
- Server Shared Secret
- The shared secret is a string of characters used to encrypt and decrypt communication between the ExtremeCloud IQ Site Engine server or ExtremeControl and the RADIUS server. In ExtremeCloud IQ Site Engine, this is also the shared secret used between the switch and the RADIUS server if the ExtremeControl engine is bypassed or if you configured the Management RADIUS Server options when you added the switch. The shared secret must be at least 6 characters long; 16 characters is recommended. Dashes are allowed in the string, but spaces are not.
- Advanced Button
- Use this button to open the Advanced RADIUS Server Configuration window, where you can configure advanced RADIUS settings used by ExtremeControl when proxying access requests to a backend RADIUS server.
For information on related help topics: