Configuring UDP Ports for RADIUS Plug-Ins (SRC CLI)
In RADIUS packets that RADIUS plug-ins send to a RADIUS server, the plug-in uses an identifier field to match requests to replies. This field provides for a maximum of 256 identifiers. Once all identifiers are used, the plug-in cannot send any more requests until it receives replies that match the requests already sent. In high-load systems, this limit can slow performance.
To overcome this limitation, you can configure a pool of UDP ports for RADIUS plug-ins. Having a pool of ports allows RADIUS plug-ins to create one queue per port to wait for RADIUS replies. Each queue can wait for 256 RADIUS packets. The RADIUS plug-ins send RADIUS packets through the pool of ports in a round-robin mode.
You can configure a global source UDP port or pool of ports that RADIUS plug-ins use to communicate with RADIUS servers. You can also configure UDP ports for each plug-in instance. If you do not configure a UDP port for a plug-in instance, the plug-in uses the global UDP port.
Use the following configuration statement to configure global configuration ports:
To configure global UDP ports:
From configuration mode, access the global RADIUS UDP port configuration. In this sample procedure, the UDP port is configured in the west-region SAE group.user@host# edit shared sae group west-region configuration global-radius-udp-port
Configure the source UDP port or a pool of ports that RADIUS plug-ins use to communicate with RADIUS servers.[edit shared sae group west-region configuration global-radius-udp-port]user@host# set udp-port