Configuring Pseudo–RADIUS Authorization Server Properties (SRC CLI)

 

Tasks to configure the pseudo–RADIUS authorization server are:

Configuring the Pseudo–RADIUS Authorization Server (SRC CLI)

Use the following configuration statements to configure the pseudo–RADIUS authorization server:

To configure the pseudo–RADIUS authorization server:

  1. From configuration mode, access the configuration statement that configures the pseudo–RADIUS authorization server.
  2. Specify the listening port for RADIUS requests.
  3. (Optional) Specify the host address that the pseudo–RADIUS authorization server binds to. If this attribute is absent or deleted, the server binds to the wildcard (*) address.
  4. (Optional) Specify whether to query the SAE for the number of active subscribers for a given interface. If set to true, the response to the RADIUS access request depends on the comparison between the number of active subscriber sessions and the lease limit for the interface. If the number of active subscriber sessions is less than the lease limit, the response is the RADIUS access accept message without the lease limit RADIUS attribute; otherwise, the response is the RADIUS access accept message where the subscriber is not assigned an address. If set to false, the response is the RADIUS access accept message with the lease limit RADIUS attribute. If the lease limit RADIUS vendor-specific attribute is returned, the MX Series router verifies the lease limit.
  5. (Optional) Specify whether to search for a cached DHCP profile in the o=AuthCache directory based on the MAC address. If set to true, you must configure a directory connection to the cached DHCP profiles.

    If set to true, the following conditions apply:

    • If a cached DHCP profile is found, the RADIUS response message includes the RADIUS attribute values for framed IP address, pool name, service bundle, and RADIUS class attributes that are present in the cached DHCP profile.

    • If the check-lease-limit-with-sae option is set to true and the number of active subscriber sessions is less than the lease limit, the RADIUS access accept message includes the cached DHCP profile.

    • If the check-lease-limit-with-sae option is set to false, the RADIUS response includes the lease limit.

    If set to false, the RADIUS response message does not include the cached DHCP profile information.

  6. (Optional) Specify the default lease limit for all interfaces.
  7. Specify the invalid pool name returned when the number of active subscriber sessions exceeds the lease limit.
  8. (Optional) Specify the timeout of a cached authenticated request.
  9. Specify the amount of time to wait before cleaning up cached RADIUS access requests that have been accepted.
  10. Specify the maximum age of an unacknowledged RADIUS access request cached in memory. We recommend a value slightly greater than the RADIUS packets retry interval.
  11. Specify the minimum number of concurrent threads processing RADIUS access messages subtasks.
  12. Specify the maximum number of unacknowledged RADIUS messages to be received from the RADIUS server before it discards new messages.
  13. Specify the service type of the RADIUS packets that will be forwarded.
  14. (Optional) Verify your configuration.
  15. Access the configuration statement that specifies the trusted RADIUS clients.
  16. Specify the RADIUS shared secret for the client.
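The response logic described in steps 4, 5, and 7, modelled as an added Python example (not SRC code and not part of the original documentation). The function name, attribute keys, and sample values are hypothetical; treating "otherwise" in step 4 as "active sessions greater than or equal to the lease limit" is this example's reading of the text.

```python
from typing import Optional

# Attribute keys copied from a cached DHCP profile (hypothetical labels,
# not actual RADIUS attribute names or SRC identifiers).
CACHED_KEYS = ("framed-ip-address", "pool-name", "service-bundle", "class")

# Constructed sample standing in for an entry found by MAC address in o=AuthCache.
SAMPLE_PROFILE = {
    "framed-ip-address": "192.0.2.10",
    "pool-name": "pool-a",
    "service-bundle": "bundle-gold",
    "class": "residential",
}

def access_accept_attrs(check_lease_limit_with_sae: bool, search_cache: bool,
                        active_sessions: int, lease_limit: int,
                        invalid_pool: str,
                        cached_profile: Optional[dict] = None) -> dict:
    """Return the attributes carried in the Access-Accept for one request."""
    attrs = {}
    if check_lease_limit_with_sae:
        # The server compares the SAE session count with the lease limit itself.
        if active_sessions >= lease_limit:
            # No address is assigned: only the invalid pool name is returned.
            return {"pool-name": invalid_pool}
        # Under the limit: accept without the lease-limit attribute.
    else:
        # No SAE query: the lease limit is returned so the router can verify it.
        attrs["lease-limit"] = lease_limit
    if search_cache and cached_profile is not None:
        # A cached DHCP profile was found: copy its attributes into the response.
        attrs.update({k: cached_profile[k] for k in CACHED_KEYS if k in cached_profile})
    return attrs

def decision_table(lease_limit: int = 2, invalid_pool: str = "invalid-pool") -> list:
    """Enumerate every option combination, under and at the lease limit."""
    rows = []
    for check in (True, False):
        for cache in (True, False):
            for active in (lease_limit - 1, lease_limit):
                attrs = access_accept_attrs(check, cache, active, lease_limit,
                                            invalid_pool, SAMPLE_PROFILE)
                rows.append(((check, cache, active), attrs))
    return rows

if __name__ == "__main__":
    for key, attrs in decision_table():
        print(key, attrs)
```
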

Configuring the Directory Connection Properties for the Subscriber Data

The subscriber data can be queried for information such as the interface’s lease limit.

Use the following statements to configure the directory connection to the directory in which the subscriber data is stored:

To configure directory connection properties:

  1. From configuration mode, access the configuration statement that configures the directory connection.
  2. Specify the top-level directory DN.
  3. Specify the subtree in the directory in which the subscriber data is stored.
  4. Access the configuration statement that configures the directory connection properties.
  5. Specify the directory connection properties for the subscriber data.
  6. (Optional) Verify your configuration.

Configuring Directory Connection Properties for the Cached DHCP Profiles

The DHCP profiles can be queried by MAC address for the RADIUS framed IP address for authorized subscribers or invalid pool name for unauthorized subscribers.

Use the following statements to configure the directory connection to the directory in which the cached DHCP profiles are stored:

To configure directory connection properties:

  1. From configuration mode, access the configuration statement that configures the directory connection.
  2. Specify the top-level directory DN.
  3. Specify the subtree in the directory in which the cached DHCP profiles are stored.
  4. Access the configuration statement that configures the directory connection properties.
  5. Specify the directory connection properties for the cached DHCP profiles.
  6. (Optional) Verify your configuration.