Use the Add/Edit RADIUS Server window to configure the RADIUS servers used in your Extreme Management Center applications. RADIUS servers can be used in Management Center server authentication configurations and in NAC Manager AAA configurations.
You can access this window from the Users/Groups tab in the Authorization/Device Access tool, or in NAC Manager from the AAA Configuration window, by clicking the drop-down menu in the RADIUS Server field. You can also access this window from the Manage RADIUS Servers window. Any changes made in this window are written immediately to the Management Center database.
Click areas in the window for more information.
- Response Window
- This setting is used by Extreme Access Control when proxying a RADIUS request to a backend RADIUS server. Access Control keeps a status on all backend RADIUS servers instead of going to the primary RADIUS server for every request. If a RADIUS server does not respond in the amount of time specified here, that server is marked as down until it can be verified as being up. See the Health Check section of the Advanced RADIUS Server Configuration window for information on how NAC Manager determines the health of a RADIUS server.
- Timeout Duration
- The amount of time in seconds the Management Center server or Access Control engine waits for the RADIUS server to respond to an authentication or accounting request. Valid values are 2-60 seconds. This setting is only used for logging into Management Center via RADIUS or logging into the Access Control Captive Portal via RADIUS.
| NOTE: | The Access Control engine times out a RADIUS server if it takes more than
"(retries +1) * timeout" or 20 seconds, whichever is greater, for the server to
respond. For example, if the number of retries is set to 1 and the timeout
duration is set to 2 (the default values), then the engine times out a
RADIUS server if it takes longer than 20 seconds to respond, because that is the
greater value (20 to 4). If the RADIUS server times out, then NAC Manager fails over
to the backup RADIUS server until it determines that the primary server is back
up. At that point, NAC Manager starts proxying RADIUS requests to the primary server
again. |
|---|
- Number of Retries
- The number of times the Management Center server or Access Control engine resends an authentication or accounting request if the RADIUS server does not respond. Valid values are 0-20. This setting is only used for logging into Management Center via RADIUS or logging into the Access Control Captive Portal via RADIUS.
- Auth. Client UDP Port
- The UDP port number (1-65535) on the RADIUS server the Management Center server or Access Control engine sends authentication requests to; 1812 is the default port number.
- Proxy RADIUS Accounting Requests
- Use this option to enable the Access Control engine to proxy RADIUS accounting requests to the RADIUS server. This option must be enabled if you are doing RADIUS accounting in an Access Control environment where the primary RADIUS server is used for redundancy in a single Access Control engine configuration (Basic AAA configuration only).
- Accounting Client UDP Port
- The UDP port number (1-65535) on the RADIUS server that the Access Control engine sends accounting requests to; 1813 is the default port number.
- Server Shared Secret
- The shared secret is a string of characters used to encrypt and decrypt communication between the Management Center server or Access Control engine and the RADIUS server. In NAC Manager, this is also the shared secret used between the switch and the RADIUS server if the Access Control engine is bypassed or if you configured the Management RADIUS Server options when you added the switch. The shared secret must be at least 6 characters long; 16 characters is recommended. Dashes are allowed in the string, but spaces are not.
- Advanced Button
- Use this button to open the Advanced RADIUS Server Configuration window, where you can configure advanced RADIUS settings used by NAC Manager when proxying access requests to a backend RADIUS server.
For information on related windows:
