Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Steel-Belted Radius Carrier as a Target

This section describes how to set up proxy forwarding from some other RADIUS server (the proxy) to the Steel-Belted Radius Carrier server (the target):

  1. Set up the proxy as a RADIUS client of Steel-Belted Radius Carrier.

    Add the entry using the RADIUS Clients List page. Specify the proxy’s name, its IP address, and the shared secret that you want to use for encryption between the proxy and Steel-Belted Radius Carrier.

  2. Ask the administrator at the target site to log in to the proxy’s RADIUS configuration program and set up Steel-Belted Radius Carrier as a proxy RADIUS target. Provide this administrator with the IP address of the Steel-Belted Radius Carrier server.

    Note: Make sure that the same UDP port and shared secret are entered on both proxy and target sides.

Dictionaries When Steel-Belted Radius Carrier is the Target

When Steel-Belted Radius Carrier receives a packet forwarded by proxy, it consults its RADIUS client entry for that proxy server. The Make/model field of this entry determines which attribute dictionary Steel-Belted Radius Carrier uses.

At various different times, Steel-Belted Radius Carrier can receive requests from the same proxy server that have originated from different network access servers, possibly of different types. The single Make/model field that was entered for the proxy might not be adequate to handle the variety of NASs on the other side of the transaction.

One way to handle this problem is to add the originating network access servers to Steel-Belted Radius Carrier’s list of RADIUS clients. Steel-Belted Radius Carrier can be configured to examine each packet forwarded by proxy for clues as to the make and model of the originating device. If clues are found, Steel-Belted Radius Carrier does everything it can to map this information to a vendor-specific dictionary, and uses this dictionary in preference to the one for the proxy.

Accepting Packets from Any Proxy

If you want Steel-Belted Radius Carrier to be able to accept proxy requests from any IP address, use the RADIUS Clients List page to add a special entry called <ANY>, and specify a shared secret. The <ANY> entry permits forwarded requests from any proxy to be accepted, provided the shared secret is correct.

Note: This feature requires that proxies are configured to use the shared secret you provide in the <ANY> entry.

 

Modified: 2017-03-07