Creating RADIUS Peers (SRC CLI)

RADIUS peers are instances of RADIUS servers. If you define multiple servers, the SAE uses them in cases of failover or as alternate routers for load-balancing purposes.

Each RADIUS plug-in requires a default peer. Configure a RADIUS peer before you configure the plug-in.

RADIUS peers are configured in the peer group for each RADIUS plug-in. Use the following configuration statements to configure a RADIUS peer:

shared sae configuration plug-ins name name radius-accounting peer-group name {server-address server-address ; server-port server-port ; secret secret ; }
shared sae configuration plug-ins name name radius-authentication peer-group name {server-address server-address ; server-port server-port ; secret secret ; }
shared sae configuration plug-ins name name custom-radius-accounting peer-group name {server-address server-address ; server-port server-port ; secret secret ; }
shared sae configuration plug-ins name name custom-radius-authentication peer-group name {server-address server-address ; server-port server-port ; secret secret ; }
shared sae configuration plug-ins name name flex-radius-accounting peer-group name {server-address server-address ; server-port server-port ; secret secret ; }
shared sae configuration plug-ins name name flex-radius-authentication peer-group name {server-address server-address ; server-port server-port ; secret secret ; }

To create a RADIUS peer:

  1. From configuration mode, access the RADIUS peer configuration for the plug-in that you are configuring. In this sample procedure, the RADIUS peer is configured in the west-region SAE group.
    user@host# edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1
  2. Configure the IP address of the RADIUS server to which the SAE sends accounting data.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1] user@host# set server-address server-address
  3. Configure the port used for RADIUS packets.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1] user@host# set server-port server-port
  4. Configure the password that is shared with the RADIUS server. You must configure the same password on the RADIUS server.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1] user@host# set secret secret
  5. (Optional) Verify your configuration.
    [edit shared sae group west-region configuration plug-ins name basicRadius radius-accounting peer-group peer1]
    user@host# show 
    server-address 10.10.1.1;
    server-port 1812;
    secret ********;

Related Documentation