Adding a Proxy Target
This section explains how to set up proxy forwarding from the Steel-Belted Radius Carrier server (the proxy) to another RADIUS server (the target).
- Choose Proxy Targets to open the Proxy Target panel.
- Click the Add button on the SBR Administrator toolbar.
The Add Proxy Target dialog (Figure 48) appears.
The target name must not duplicate any other target name, realm name, or tunnel name in your Steel-Belted Radius Carrier configuration. The name you record for a proxy target is not used in processing; Steel-Belted Radius Carrier uses the proxy target's IP address to route RADIUS packets.
To specify that the proxy target does not use a fixed IP address, click the Roaming check box.
- Enter a description for the proxy target in the Description field.
- Enter the IP address or DNS name of the proxy target in the IP Address field.
If you enter the DNS name of the proxy target, the SBR Administrator resolves the name you enter to an IP address automatically.
Shared secrets are case-sensitive.
If you want the characters in the shared secret (rather than asterisks) to appear as you type, click the Unmask check box.
The shared secret configured for the proxy target in Steel-Belted Radius Carrier must match the shared secret configured on the proxy target.
- Specify how many times Steel-Belted Radius Carrier should try to reach the proxy target and how long to wait between attempts in the Number of retries and Milliseconds between retries fields.
When Steel-Belted Radius Carrier acts as a proxy, it emulates the characteristics of a network access device. This includes the ability to retransmit a request if the first attempt does not get a timely response from the proxy target.
- The Number of retries field specifies the number of times a request is retransmitted if an acknowledgment from the target is not received; if the number of retries is exhausted, then the original request is rejected. By default, Steel-Belted Radius Carrier retries three times before giving up.
- The Milliseconds between retries field specifies the time interval between each retry in milliseconds (thousandths of a second). By default, Steel-Belted Radius Carrier waits 5000 milliseconds (5 seconds) between retries.
- The port numbers configured for the proxy target in Steel-Belted Radius must match the port numbers configured on the proxy target. By default, Steel-Belted Radius uses port 1645 for authentication and port 1646 for accounting. If the proxy target uses ports different from the default values for authentication or accounting, click the Authentication or Accounting check box and enter the port number you want Steel-Belted Radius Carrier to use when exchanging RADIUS authentication or accounting information with the proxy target.
- Specify whether you want accounting requests to be forwarded or recorded locally.
- If you click the Forward check box, Steel-Belted Radius Carrier forwards the accounting transaction to the same proxy target that received the authentication transaction.
- If you click the Record locally check box, Steel-Belted Radius Carrier logs the accounting transaction locally (regardless of whether an authentication request was forwarded to the proxy target).
You can click both check boxes if you want accounting requests to be forwarded and logged locally.
- If you want Steel-Belted Radius Carrier to use a different shared secret for accounting when communicating with the proxy target, click the Use different shared secret for accounting check box and click the Edit button to specify an accounting shared secret.
Refer to Maintaining an Accounting Shared Secret for information on using the Edit Accounting Shared Secret dialog.
- If you want to use a proxy target as an authentication method, click the Make available as an authentication method check box.
If you enable this option, the name of the proxy target appears in the Order of Methods dialog in the Authentication Policies panel as proxy:name. This is useful if you have user records defined on an older RADIUS server and you want to provide a seamless migration to Steel-Belted Radius Carrier. Using the older server as a proxy RADIUS target means that RADIUS requests that arrive addressed to this target are handled by Steel-Belted Radius Carrier automatically, without requiring end users to change their addressing conventions.
- Click OK.
NOTE: If the proxy target that you are configuring is a member of a proxy RADIUS realm, ensure that the Make available as an authentication method check box is unchecked.
Ask the administrator at the target site to log in to the target server's RADIUS configuration program and add Steel-Belted Radius Carrier as a RADIUS client of the target server. Provide this administrator with the IP address of the Steel-Belted Radius Carrier server.
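The shared-secret and retry settings above interact: a reply signed with a different secret fails the RFC 2865 Response Authenticator check and is discarded, so to the proxy a mismatch looks like a target that never answers. The following is an added illustration of that behavior, not Steel-Belted Radius Carrier code; the function names, the attribute-less packets, and the in-memory target are constructed for the example, and the retry loop is a simplified model using the default values of 3 retries and 5000 milliseconds.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RFC 2865 packet codes


def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def target_reply(request, target_secret):
    # Constructed stand-in for the proxy target; always answers Access-Accept.
    ident, request_auth = request[1], request[4:20]
    auth = response_authenticator(ACCESS_ACCEPT, ident, b"", request_auth, target_secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20) + auth


def reply_is_valid(reply, request, proxy_secret):
    # Proxy side: recompute the authenticator with the locally configured secret.
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return False
    expected = response_authenticator(code, ident, reply[20:], request[4:20], proxy_secret)
    return hmac.compare_digest(expected, reply[4:20])


def forward(proxy_secret, target_secret, retries=3, wait_ms=5000):
    # Returns (accepted, attempts, waited_ms). Modelled only: no sockets, no sleeping.
    request = struct.pack("!BBH", ACCESS_REQUEST, 7, 20) + os.urandom(16)
    waited_ms = 0
    for attempt in range(1, retries + 2):  # first transmission plus the retries
        if attempt > 1:
            waited_ms += wait_ms  # interval elapses before each retransmission
        reply = target_reply(request, target_secret)
        if reply_is_valid(reply, request, proxy_secret):
            return True, attempt, waited_ms
        # An unverifiable reply is dropped, exactly as if none had arrived.
    return False, retries + 1, waited_ms  # retries exhausted: request is rejected


if __name__ == "__main__":
    print(forward(b"S3cret", b"S3cret"))  # matching secrets
    print(forward(b"S3cret", b"s3cret"))  # same letters, different case
```

If every request to a new proxy target is rejected only after the full retry period, compare the shared secret on both servers character by character, including case, before investigating the network path.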