Creating RADIUS Peers

RADIUS peers are instances of RADIUS servers. If you define multiple servers, the SAE uses them in cases of failover or as alternate routers for load-balancing purposes.

Each RADIUS plug-in requires a default peer. Configure a RADIUS peer before you configure the plug-in.

RADIUS peers are configured in the peer group for each RADIUS plug-in. Use the following configuration statements to configure a RADIUS peer:

shared sae configuration plug-ins name name radius-accounting peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}
shared sae configuration plug-ins name name radius-authentication peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}
shared sae configuration plug-ins name name custom-radius-accounting peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}
shared sae configuration plug-ins name name custom-radius-authentication peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}
shared sae configuration plug-ins name name flex-radius-accounting peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}
shared sae configuration plug-ins name name flex-radius-authentication peer-group name {
server-address server-address ;
server-port server-port ;
secret secret ;
}

To create a RADIUS peer:

  1. From configuration mode, access the RADIUS peer configuration for the plug-in that you are configuring. In this sample procedure, the RADIUS peer is configured in the west-region SAE group.
    user@host# edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1
  2. Configure the IP address of the RADIUS server to which the SAE sends accounting data.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1]
    user@host# set server-address server-address
  3. Configure the port used for RADIUS packets.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1]
    user@host# set server-port server-port
  4. Configure the password that is shared with the RADIUS server. You must configure the same password on the RADIUS server.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1]
    user@host# set secret secret
  5. (Optional) Verify your configuration. 
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1]
user@host# show 
server-address 10.10.1.1;
server-port 1812;
secret ********;