Configuring RADIUS Server Parameters on Multiple Network Elements

 

Use this procedure to configure the same RADIUS server parameters across multiple network elements.

Note

The PSM server treats each network element separately, launching individual tasks to communicate with and configure each NE. A task failure for one NE does not affect tasks for the other NEs.

Note

PSM connects to each NE using the login credentials that you supplied when you connected to the PSM server. Therefore, each NE must be configured with these same login credentials for this procedure to succeed.

Note

PSM connects to each NE using the applicable protocol for that NE type. When connecting to an NE over SSH (for example, BTI7800), the SSH key provided by the NE must match the expected key (if the key was previously stored). If the key supplied by the NE does not match the expected key, the task times out and fails. Under normal circumstances, the supplied key matches the expected key. However, if the NE operating system has been re-installed, the keys might not match. In this situation, you need to remove the expected key from the PSM server machine's ~/.ssh/known_hosts file. One method of doing this is to issue the following Linux command from a Linux shell on the PSM server machine:

where NE_IP_address is the IP address of the NE.
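
A key mismatch is expected after an OS re-install, but the same symptom appears when a different device answers on the NE's address, so it helps to see which entry is stored and how it compares with the key the NE now presents before removing anything. The following is an added example, not part of the PSM documentation: it parses known_hosts text (including hashed host entries) and reports match, mismatch or unknown; the addresses and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form OpenSSH displays."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names host (plain list or hashed |1| form)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # wildcard and [host]:port patterns not handled

def stored_keys(text, host):
    """Return (line_no, key_type, fingerprint) for each entry stored for host."""
    found = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host_matches(fields[0], host):
            found.append((line_no, fields[1], fingerprint(fields[2])))
    return found

def check_presented_key(text, host, key_type, key_b64):
    """Return ('unknown' | 'match' | 'mismatch', line numbers of the stale entries)."""
    entries = [e for e in stored_keys(text, host) if e[1] == key_type]
    if not entries:
        return "unknown", []
    if any(fp == fingerprint(key_b64) for _, _, fp in entries):
        return "match", []
    return "mismatch", [n for n, _, _ in entries]

# Constructed sample data: documentation addresses and placeholder key blobs.
NE_IP = "192.0.2.10"
OLD_KEY = base64.b64encode(b"constructed key before NE re-install").decode()
NEW_KEY = base64.b64encode(b"constructed key after NE re-install").decode()
_SALT = b"constructed-salt-20b"
_MAC = hmac.new(_SALT, NE_IP.encode(), hashlib.sha1).digest()
_HASHED = "|1|%s|%s" % (base64.b64encode(_SALT).decode(), base64.b64encode(_MAC).decode())
SAMPLE = "# constructed known_hosts\n192.0.2.20 ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (
    NEW_KEY, _HASHED, OLD_KEY)

if __name__ == "__main__":
    print(check_presented_key(SAMPLE, NE_IP, "ssh-ed25519", NEW_KEY))
```

The fingerprint reported for a mismatch should be compared with the one shown on the NE itself through a separate channel, such as its console.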

This procedure is supported on BTI7000 Series, BTI7800 Series, BTI800 Series, and BTI700 Series NEs.

  1. To configure RADIUS server parameters, select one or more network elements from the main topology window or from the tree view. Only compatible network elements can be selected together.
  2. Right-click and select Scripts > Network Elements > Configure Radius Server.

    The "Create Radius Server" dialog appears with the list of selected network elements at the top. Depending on the type of network element selected, you will see one of the following two dialogs:

    Figure 1: Configure Radius Server
    Figure 2: Configure Radius Server (BTI718E)

    For BTI7000 Series, BTI7800 Series, BTI800 Series and BTI700 Series (excluding the BTI718E) NEs, you are adding a single RADIUS server in this procedure. Repeat the entire procedure to add a second RADIUS server.

    For the BTI718E, you are adding the primary and the secondary servers simultaneously in this procedure. Click the Add button to expand the dialog to specify up to a maximum of two secondary servers.

    Note

    For both dialogs, the "Selected Network Element(s)" box has limited space to display network elements. In some situations where the number of selected network elements is large, some network elements might not be displayed. This is normal behavior and does not affect script execution, which runs for all selected network elements, regardless of whether they appear in the list or not.

  3. Configure the RADIUS parameters:

    | Attribute | BTI7000 Series |
    |---|---|
    | Radius Server Name | Not applicable. |
    | Radius Server IP Address | Sets the IP address. |
    | Radius Server Role: primary | Sets the Role attribute to primary. |
    | Radius Server Role: secondary | Sets the Role attribute to secondary. |
    | Radius Server Role: disabled | Sets the Role attribute to disabled. The specified server is configured but not used. |
    | Radius Server Port | Sets the Port attribute to the specified value. |
    | Radius Server Key | Sets the Key (shared secret) attribute to the specified value. |
    | Radius Server Priority: disabled | Sets the Authentication Priority attribute to disabled. The NE uses local database authentication only. |
    | Radius Server Priority: local | Sets the Authentication Priority attribute to local. The NE uses local database authentication first, then RADIUS server authentication. |
    | Radius Server Priority: remote | Sets the Authentication Priority attribute to remote. The NE uses RADIUS server authentication first, then local database authentication. |

    | Attribute | BTI7800 Series |
    |---|---|
    | Radius Server Name | Not applicable. |
    | Radius Server IP Address | Sets the IP address. |
    | Radius Server Role | Not applicable. |
    | Radius Server Port | Sets the authentication port to the specified value. |
    | Radius Server Key | Sets the shared secret to the specified value. |
    | Radius Server Priority | Not applicable. |

    | Attribute | BTI800 Series |
    |---|---|
    | Radius Server Name | Not applicable. |
    | Radius Server IP Address | Sets the IP address. |
    | Radius Server Role: primary | Specifies that this is the primary server for the BTI810. Not applicable for the BTI805, BTI821, BTI822. |
    | Radius Server Role: secondary | Specifies that this is the secondary server for the BTI810. Not applicable for the BTI805, BTI821, BTI822. |
    | Radius Server Role: disabled | Not applicable. |
    | Radius Server Port | Sets the authentication port. |
    | Radius Server Key | Sets the shared secret. |
    | Radius Server Priority: disabled | Not applicable. |
    | Radius Server Priority: local | Sets the auth-order attribute to local. The NE uses local database authentication first, then RADIUS server authentication. |
    | Radius Server Priority: remote | Sets the auth-order attribute to radius. The NE uses RADIUS server authentication first, then local database authentication. |

    | Attribute | BTI700 Series |
    |---|---|
    | Radius Server Name | Sets the NAME attribute to the specified value. |
    | Radius Server IP Address | Sets the IP address. |
    | Radius Server Role: primary | Sets the mode attribute to main and the state to active. |
    | Radius Server Role: secondary | Sets the mode attribute to backup, and the state to active. |
    | Radius Server Role: disabled | Sets the state to suspend. |
    | Radius Server Port | Sets the auth-port attribute to the specified value. |
    | Radius Server Key | Sets the SECRET attribute to the specified value. |
    | Radius Server Priority: disabled | Sets line vty 1 2 login local. The NE uses local authentication for the first two sessions. |
    | Radius Server Priority: local | Sets line vty 1 2 login local. The NE uses local authentication for the first two sessions. |
    | Radius Server Priority: remote | Sets line vty 1 2 login radius. The NE uses RADIUS authentication for the first two sessions. |

  4. When you are finished, click OK.

    The PSM server launches a task for each NE being configured.

  5. Look at the Tasks window to verify that each task has completed successfully.

    In this example, the "Configure Radius Server" task was successful for 10.1.205.8.

    A task might fail under these conditions:

    • You are adding a RADIUS server to a BTI7000 Series NE that already has two RADIUS servers defined. The task fails and no changes take effect.

    • You are adding a RADIUS server to a BTI7000 Series NE that has that particular RADIUS server already defined (regardless of the role). The task fails and no changes take effect.

    Note

    Other failure conditions exist. Expand the task details of any failed task to see why the task has failed. Since a failed task might still lead to changes on the NE, you will also need to check the NE on task failure.

This procedure is now complete.