Configuring Upstream and Downstream RADIUS Network Elements (SRC CLI)

 

Configuration Statements for Downstream Network Elements and Accounting and Authentication Targets (SRC CLI)

Use the following statements to configure downstream RADIUS network elements and accounting and authentication targets for the SIC group:

Configuration Statements for Upstream Network Elements, Accounting and Authentication Clients, and Dynamic Authorization Targets (SRC CLI)

Use the following statements to configure upstream RADIUS network elements, accounting and authentication clients, and dynamic authorization targets for the SIC group:

Creating a Network Element (SRC CLI)

Network elements are logical entities that are considered either upstream or downstream from the SIC. Upstream network elements contain logical clients and targets for NAS devices. Downstream network elements contain logical targets for the downstream AAA server responsible for accounting and authentication.

Use the following statement to create a network element:

To create a network element:

  • From configuration mode, access the statement that creates a RADIUS network element. For example, to create a network element called ne1 for the SIC group group1:

Configuring the Device Models Supported in the Network Element (SRC CLI)

You must configure which device models are supported by the upstream and downstream network elements.

Note

To assign a device model to a network element, you must first configure the device models and the associated dictionaries supported by the SIC group using the shared sic group identifier model id statement. See Configuring the Device Models Supported by the SIC Group (SRC CLI).

Use the following statements to configure the device model:

To configure the device models supported in the network element:

  1. From configuration mode, access the statement that configures the RADIUS network element and specify a name for the network element. This sample procedure uses group1 for the SIC group and ne1 for the downstream network element identifier.

  2. Specify a device model. The device model must have previously been configured for the SIC group.

Configuring Upstream Network Elements and Accounting and Authentication Clients (SRC CLI)

Accounting and authentication clients are NAS devices that logically reside in upstream network elements. Accounting clients send RADIUS accounting requests to the SIC accounting listener. Authentication clients send RADIUS authentication requests to the SIC authentication listener. You must configure at least one accounting client and one authentication client. Each client must have a unique name and address.

Use the following statements to configure accounting clients:

To configure RADIUS accounting and authentication clients:

  1. From configuration mode, access the statement that configures an upstream network element and RADIUS client. For example, to configure an upstream RADIUS network element called ne1 and RADIUS client called rc1 for the SIC group group1:

  2. (Optional) Specify the IP address of the RADIUS client.

  3. (Optional) Specify the shared secret used by the accounting client.

  4. Specify the shared secret used by the authentication client.

Configuring Upstream Network Elements and Dynamic Authorization Targets (SRC CLI)

Dynamic authorization targets are logical entities that represent the NAS device in upstream network elements. The SIC forwards CoA/DM requests to dynamic authorization targets.

Use the following statements to configure dynamic authorization targets:

To configure a dynamic authorization target:

  1. From configuration mode, access the statement that configures an upstream network element and dynamic authorization target. For example, to configure an upstream RADIUS network element called ne1 and dynamic authorization target called dat1 for the SIC group group1:

  2. Specify the IP address of the target.

  3. Specify the priority of the target. Targets with lower priority values are selected before other targets in a failover policy.

  4. Specify the shared secret used by the target.

  5. (Optional) Specify the port used by the target to receive dynamic authorization messages.
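How the shared secret configured for an accounting client or a dynamic authorization target is used on the wire, as an added example that is not SRC code: per RFC 2866 and RFC 5176, Accounting-Request and CoA/Disconnect-Request packets carry an MD5 Request Authenticator keyed with the secret, so a secret that differs between the two sides makes every request fail verification. The helper names, secrets and sample attributes are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RFC 2866
DISCONNECT_REQUEST = 40  # RFC 5176 (DM)
COA_REQUEST = 43         # RFC 5176 (CoA)
KEYED_CODES = (ACCOUNTING_REQUEST, DISCONNECT_REQUEST, COA_REQUEST)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_request(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Sender side: authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + digest + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """Receiver side: recompute the authenticator with the locally configured secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in KEYED_CODES:
        return False  # Access-Request carries a random authenticator instead
    if length < 20 or length > len(packet):
        return False
    body = packet[:length]
    expected = hashlib.md5(body[:4] + b"\x00" * 16 + body[20:] + secret).digest()
    return hmac.compare_digest(expected, body[4:20])


# Constructed sample: User-Name, Acct-Status-Type = Start, Acct-Session-Id.
SAMPLE_ATTRS = (attr(1, b"alice")
                + attr(40, struct.pack("!I", 1))
                + attr(44, b"sess-0001"))

if __name__ == "__main__":
    pkt = build_request(ACCOUNTING_REQUEST, 7, SAMPLE_ATTRS, b"secret-on-nas")
    print("matching secret:  ", verify_request(pkt, b"secret-on-nas"))
    print("mismatched secret:", verify_request(pkt, b"secret-on-sic"))
```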

Configuring Downstream Network Elements and Accounting and Authentication Targets (SRC CLI)

Accounting and authentication targets (RADIUS AAA server) receive requests forwarded by the SIC. These targets reside in downstream network elements. You must configure at least one accounting target and one authentication target. Each target must have a unique name and address.

  1. Configuring SIC Accounting Targets (SRC CLI)

  2. Configuring SIC Authentication Targets (SRC CLI)

Configuring SIC Accounting Targets (SRC CLI)

Use the following statements to configure accounting targets:

To configure an accounting target:

  1. From configuration mode, access the statement that configures the accounting target. This sample procedure uses group1 for the group identifier, ne1 for the network element identifier, and target1 as the accounting target name.

  2. Specify the IP address of the RADIUS accounting target contained in the network element.

  3. Specify the priority of the target. Targets with lower priority values are selected before other targets in a failover policy.

  4. Specify the shared secret used by the RADIUS accounting target.

  5. (Optional) Specify the name of the local transport used to send requests to the accounting target.

  6. (Optional) Specify the UDP port number on which the RADIUS accounting target listens for requests.

Configuring SIC Authentication Targets (SRC CLI)

Use the following statements to configure authentication targets:

To configure an authentication target:

  1. From configuration mode, access the statement that configures the authentication target. This sample procedure uses group1 for the group identifier, ne1 for the network element identifier, and target1 as the authentication target name.

  2. Specify the IP address of the RADIUS authentication target contained in the network element.

  3. Specify the priority of the target. Targets with lower priority values are selected before other targets in a failover policy.

  4. Specify the shared secret used by the RADIUS authentication target.

  5. (Optional) Specify the name of the local transport used to send outbound requests to the authentication target.

  6. (Optional) Specify the UDP port number on which the RADIUS authentication target listens for requests.

Configuration Statements for SIC Group Failover Mode and Policy (SRC CLI)

Use the following statements to configure failover mode and policy:

Configuring Failover Mode and Policy (SRC CLI)

You must configure failover mode and policy for accounting and authentication targets upstream by completing the following tasks:

  1. Configuring Failover Mode (SRC CLI)

  2. Configuring Fast Fail Options for the Failover Policy

  3. Configuring Retry Options for the Failover Policy

Configuring Failover Mode (SRC CLI)

You must configure failover mode for both accounting and authentication messages. Use the following statement to configure failover mode:

To configure failover mode:

  1. From configuration mode, access the statement that configures the network element failover mode and specify whether the connection is for authentication or accounting messages.

    For example, this sample procedure uses group1 for the group identifier, ne1 for the network element identifier, and accounting as the connection.

  2. Specify the failover mode used by the network element.

    Where:

    • round-robin—When this failover mode is used, messages are sent to the network element over alternating paths.

    • primary-backup—When this failover mode is used, messages are sent over the primary path unless it is unavailable, in which case messages are sent over the backup path.

Configuring Fast Fail Options for the Failover Policy

You must configure fast fail options for the failover policy for both accounting and authentication messages. Use the following statement to configure fast fail options:

To configure fast fail options for the failover policy:

  1. From configuration mode, access the statement that configures fast fail options for the failover policy. For example, this sample procedure uses group1 for the group identifier, ne1 for the network element identifier, and accounting as the connection type.

  2. Specify the minimum number of times the message is retransmitted if an acknowledgment from the target is not received.

  3. Specify the time in seconds before the target is placed into fast fail mode.

  4. Specify the time in seconds after which the target is taken out of fast fail mode.
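A small model of the selection behaviour described in this section, as an added example rather than SRC code: targets are ordered by priority, the failover mode decides which available target gets the next message, and a target in fast fail is skipped until its restore time has elapsed. The class and parameter names are hypothetical, and two points are assumptions of this example only: that round-robin alternates in priority order, and that fast fail simply removes a target from selection.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Target:
    name: str
    priority: int                      # lower value is selected first
    failed_at: Optional[float] = None  # time the target entered fast fail


class FailoverPolicy:
    def __init__(self, targets: List[Target], mode: str, restore_after: float):
        if mode not in ("round-robin", "primary-backup"):
            raise ValueError("unknown failover mode: " + mode)
        self.targets = sorted(targets, key=lambda t: t.priority)
        self.mode = mode
        self.restore_after = restore_after  # seconds spent in fast fail
        self._next = 0                      # round-robin cursor

    def mark_fast_fail(self, name: str, now: float) -> None:
        """Record that a target stopped acknowledging and entered fast fail."""
        for t in self.targets:
            if t.name == name:
                t.failed_at = now

    def _available(self, now: float) -> List[Target]:
        live = []
        for t in self.targets:
            if t.failed_at is not None and now - t.failed_at >= self.restore_after:
                t.failed_at = None          # restore time elapsed
            if t.failed_at is None:
                live.append(t)
        return live

    def select(self, now: float) -> Optional[str]:
        """Return the name of the target for the next message, or None."""
        live = self._available(now)
        if not live:
            return None
        if self.mode == "primary-backup":
            return live[0].name             # best-priority available target
        choice = live[self._next % len(live)]
        self._next += 1
        return choice.name
```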

Configuring Retry Options for the Failover Policy

You must configure retry options for the failover policy for both accounting and authentication messages. Use the following statement to configure retry options:

To configure retry options for the failover policy:

  1. From configuration mode, access the statement that configures retry options for the failover policy. For example, this sample procedure uses group1 for the group identifier, ne1 for the network element identifier, and accounting as the connection type.

  2. Specify the maximum number of times a message is retransmitted if an acknowledgment from the target is not received.

  3. Specify the number of seconds between retry attempts.