Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Adding a Proxy Target

This section explains how to set up proxy forwarding from the SBR Carrier server (the proxy) to another RADIUS server (the target).

To add a proxy target using the Web GUI:

  1. Select RADIUS Configuration > Proxy Targets.

    The Proxy Targets List page (Figure 50) appears.

    Figure 50: Proxy Targets List Page

    Proxy Targets List Page
  2. Click Add.

    The Create Proxy Target pane (Figure 51) appears with the Basic Configuration tab selected.

    Figure 51: Create Proxy Target Pane—Basic Configuration

    Create Proxy Target
Pane—Basic Configuration
  3. Enter a name for the proxy target in the Name field.

    The target name must not duplicate any other target name, realm name, or tunnel name in your SBR Carrier configuration. The entered name for a proxy target is not used in processing; SBR Carrier uses the IP address of the proxy target to route RADIUS packets.

  4. Enter a description for the proxy target in the Description field.
  5. Enter the IP address of the proxy target in the IP Address field.
  6. Optionally, select the Use IPv6 check box to use IPv6 addressing.
  7. Enter the shared secret for the proxy target in the SharedSecret field.

    Shared secrets are case-sensitive. If you want the characters in the shared secret to appear as you type, click Show. After viewing the characters, you can click Hide to hide the characters.

    The shared secret configured for the proxy target in SBR Carrier must match the shared secret configured on the proxy target.

  8. Optionally, click the Advanced Configuration tab (Figure 52) to configure advanced settings for the proxy target.

    Figure 52: Create Proxy Target Pane—Advanced Configuration

    Create
Proxy Target Pane—Advanced Configuration
  9. Enter the number of times SBR should try to reach the proxy target in the Number of Retries field. A request is retransmitted for the specified number of times if an acknowledgment from the target is not received. If the number of retries is exhausted, then the original request is rejected. By default, SBR Carrier retries three times before giving up.

    When SBR Carrier acts as a proxy, it emulates the characteristics of a NAD. This includes the ability to retransmit a request if the first attempt does not get a timely response from the proxy target.

  10. Enter the time interval between each retry in milliseconds in the Milliseconds b/w Retries field. By default, SBR Carrier waits 5000 milliseconds (5 seconds) between retries.
  11. The port numbers configured for the proxy target in SBR Carrier must match the port numbers configured on the proxy target. By default, SBR Carrier uses port 1645 for authentication and port 1646 for accounting. If the proxy target uses ports different from the default values for authentication or accounting, select the Authentication or Accounting check box and enter the port number you want SBR Carrier to use when exchanging RADIUS authentication or accounting information with the proxy target in the Authentication or Accounting field.
  12. Specify whether you want accounting requests to be forwarded or recorded locally.
    • If you select the Forward check box, SBR Carrier forwards the accounting transaction to the same proxy target that received the authentication transaction.
    • If you select the Record Locally check box, SBR Carrier logs the accounting transaction locally (regardless of whether an authentication request was forwarded to the proxy target).

      You can select both check boxes if you want accounting requests to be forwarded and logged locally.

  13. If you want SBR Carrier to use a different shared secret for accounting when communicating with the proxy target, select the Use Different Shared Secret for Accounting check box and enter an accounting shared secret in the Use Different Shared Secret for Accounting field.

    For privacy, characters are masked. You can click Show to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.

  14. If you want SBR Carrier to use a different shared secret for authenticating COA and DM messages, select the Use Different Shared Secret for CoA/DM check box and enter an accounting shared secret in the Use Different Shared Secret for CoA/DM field.

    For privacy, characters are masked. You can click Show to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.

  15. If you want to use a proxy target as an authentication method, select the Make Available as an Authentication Method check box.

    If you enable this option, the name of the proxy target appears in the Authentication Methods page (Figure 78) as proxy:name. This is useful if you have user records defined on an older RADIUS server and you want to provide a seamless migration to SBR Carrier. Using the older server as a proxy RADIUS target means that RADIUS requests that arrive addressed to this target are handled by SBR Carrier automatically, without requiring end users to change their addressing conventions.

  16. Click Save to save the proxy target configuration.

    The Proxy Targets List page (Figure 50) displays an updated list of proxy target entries.

Ask the administrator at the target site to log in to the target server’s RADIUS configuration program and add Steel-Belted Radius Carrier as a RADIUS client of the target server. Provide this administrator with the IP address of the Steel-Belted Radius Carrier server.

Modified: 2018-01-11