Adding a RADIUS Client or Client Group
To add a RADIUS client or client group using the Web GUI:
Select RADIUS Configuration > RADIUS Clients.
The RADIUS Clients List page (Figure 19) appears.
Figure 19: RADIUS Clients List Page
Click Add.
The Create RADIUS Client pane (Figure 20) appears with the Basic Configuration tab selected.
Figure 20: Create RADIUS Client Pane—Basic Configuration
Enter the name for the RADIUS client or client group in the Name field.
Although you can assign any name to a RADIUS client entry, you should use the device's IP address or DNS hostname to avoid confusion.
You can create a special RADIUS client entry called <ANY> by selecting the Any RADIUS Client check box. The <ANY> RADIUS client allows SBR Carrier to accept requests from any NAD or proxy RADIUS server, as long as the shared secret is correct.
The IP Address field for the <ANY> RADIUS client cannot be edited. <ANY> implies that the server accepts requests from any IP address, provided that the shared secret is correct.
Note: COA or DM messages do not work for the <ANY> RADIUS client. For COA or DM to work, the RADIUS client must have a unique name.
Optionally, enter a description for the RADIUS client in the Description field.
The description you associate with a RADIUS client is not used during processing.
Enter the IP address for the RADIUS client in the IP Address field.
Optionally, select the Use IPv6 check box to use IPv6 addressing.
If you want the RADIUS client to use an IP address range, enter the starting address for the range in the IP Address field, select the Range check box, and enter the number of addresses in the Range field. You can create an address range supporting a maximum of 500 addresses.
For more information about IPv4 address ranges for RADIUS clients, see Radius Client Groups.
Enter the authentication shared secret for the RADIUS client in the Shared Secret field.
For privacy, characters are masked. You can click Show to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.
After you configure the authentication shared secret on the server side, you must enter the same authentication shared secret when you configure the NAD.
Use the Make or Model list to select the make and model of your RADIUS client device.
The make or model selection determines which attribute dictionary SBR Carrier uses when communicating with this client. If you are not sure which make and model you are using or if your device is not in the list, leave the default - Standard Radius - selection in the Make or Model list.
If you want the RADIUS client to obtain IPv4 and IPv6 addresses from an address pool, select the Address Pool check box and use the Address Pool list to specify which address pool to use when returning an address in an access-accept to this RADIUS client.
Note: You must configure IP address pools before you set up RADIUS clients if you want the clients to use address pools. For more information, see Administering Address Pools.
For more information about the usage of Framed-IPv6-Prefix for assigning addresses from pools, see the SBR Carrier Reference Guide.
If you want to associate the RADIUS client with a location group, select the Location Group check box and use the Location Group list to specify the location group to which the RADIUS client belongs.
Note: You must configure RADIUS location groups before you set up RADIUS clients if you want the clients to use location group profiles. For more information, see Administering RADIUS Location Groups.
If you want to associate a profile with the RADIUS client, click the Profiles tab (Figure 21), select the Use Profile check box, and use the drop-down list to select the profile you want the RADIUS client to use.
Figure 21: Create RADIUS Client Pane—Profiles
Note: The Profiles tab is disabled if you have selected the Location Group check box.
Specify how you want the profile to interact with the user settings:
If you want attributes in the profile to override identically-named attributes configured for the user, select the Override option button.
If you want attributes in the profile to be merged with identically-named attributes configured for the user, select the Merge option button and then select either the User or the RADIUS Client option button to take precedence if the attributes in the profile specify different values for the same single-value or ordered-multiple-value attribute.
Optionally, click the Diameter Configuration tab (Figure 22) to specify whether you want to enable RADIUS to Diameter translation, which converts RADIUS authentication or authorization requests to Diameter authentication or authorization requests.
Note: The Diameter Configuration tab is available only if you have installed a valid Diameter license.
Figure 22: Create RADIUS Client Pane—Diameter Configuration
Select the Enable Diameter Conversion check box to enable the fields in the Policy area.
If you want to always enable RADIUS to Diameter translation for all the RADIUS requests that come to the RADIUS client, select the Use Diameter Conversion Always for this NAS check box.
If you want to enable RADIUS to Diameter translation only for the user with a specific profile, select the Use Diameter Conversion for the User with Specific Profile check box and use the drop-down list to specify the profile.
Optionally, click the Advanced Configuration tab (Figure 23) to configure advanced settings for the RADIUS client.
Figure 23: Create RADIUS Client Pane—Advanced Configuration
Optionally, specify an accounting secret for the RADIUS client. By default, SBR Carrier uses the same shared secret for authentication and accounting.
If you want the RADIUS client to use different shared secrets for authentication and accounting, select the Use different Shared Secret for Accounting check box and enter the shared secret you want the RADIUS client to use for accounting in the Use different Shared Secret for Accounting field.
For privacy, characters are masked. You can select the Show check box to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.
Note: You must enter the same accounting shared secret when you configure the RADIUS client.
Optionally, if you have purchased the Session Control module license, specify the number of the UDP port you want the SBR Carrier to use for COA and DM messages in the RFC 3576 CoA/DM Port field.
The default UDP port is 3799.
Note: COA or DM and Packet of Disconnect (POD) messages do not work for the <ANY> RADIUS client.
Specify the shared secret used to authenticate COA and DM messages in the RFC 3576 CoA/DM Shared Secret field.
For privacy, characters are masked. You can click Show to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.
Note: After you configure the COA or DM shared secret on the server side, you must enter the same COA or DM shared secret when you configure the NAD.
Note: If a NAD client is configured without saving the shared secret, you are prompted to enter the shared secret when the client is subsequently viewed. If unexpected results such as invalid signatures occur, ensure that the shared secret is set correctly.
Specify the number of ports you want the SBR Carrier server to use for POD messages in the POD Port field.
Specify the shared secret used to authenticate POD messages in the POD Shared Secret field.
For privacy, characters are masked. You can click Show to display the characters in the shared secret. After viewing the characters, you can click Hide to hide the characters.
Note: After you configure the POD shared secret on the server side, you must enter the same POD shared secret when you configure the NAD.
Note: If a NAD client is configured without saving the shared secret, you are prompted to enter the shared secret when the client is subsequently viewed. If unexpected results such as invalid signatures occur, ensure that the shared secret is set correctly.
Click Save to save the RADIUS client or client group configuration.
The RADIUS Clients List page (Figure 19) displays an updated list of RADIUS client or client group entries.
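The notes above say that a mismatched shared secret shows up as invalid signatures. The following added example (not SBR Carrier code) shows why for accounting and CoA/DM requests: RFC 2866 and RFC 3576 define the Request Authenticator as an MD5 digest over the packet and the shared secret, so a single stray character on either side makes verification fail. The secrets, user name and addresses are constructed placeholders.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40  # RFC 3576 Disconnect-Request packet code


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Build a signed Accounting, CoA or Disconnect request packet."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + request_authenticator(header, attrs, secret) + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """Return True only if the packet was signed with `secret`."""
    if len(packet) < 20:
        return False
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        return False
    header, received, attrs = packet[:4], packet[4:20], packet[20:length]
    expected = request_authenticator(header, attrs, secret)
    return hmac.compare_digest(received, expected)


# Constructed sample: a Disconnect-Request for user "alice" (User-Name, type 1)
# addressed to NAS-IP-Address 192.0.2.10 (type 4). Secrets are placeholders.
SERVER_SECRET = b"constructed-coa-secret"
NAD_SECRET_TYPO = b"constructed-coa-secret "  # trailing space entered on the NAD
SAMPLE = build_request(
    DISCONNECT_REQUEST, 7,
    attr(1, b"alice") + attr(4, bytes([192, 0, 2, 10])),
    SERVER_SECRET,
)

if __name__ == "__main__":
    print("matching secret:  ", verify_request(SAMPLE, SERVER_SECRET))
    print("mismatched secret:", verify_request(SAMPLE, NAD_SECRET_TYPO))
```

The same check also rejects a packet whose attributes were altered in transit, because the digest covers the attribute bytes as well as the secret.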