This window lets you add a RADIUS server to Policy Manager for the purpose of RADIUS accounting. Access this window by clicking Add in the RADIUS Server(s) Accounting sub-tab in the RADIUS tab for a device.
- Accounting Server Type
- Select the accounting type used on the RADIUS server.
NOTE: DNS is only available as an option if there is a valid DNS server configured on the device so the DNS name can resolve to an IP address when configuration occurs.
- Accounting Server IP
- Enter the IP or IPv6 address, or the hostname of the RADIUS accounting server. Not all devices support IPv6 address types.
- Accounting Client UDP Port
- Enter the UDP port number (1-65535) the device (RADIUS client) uses to send accounting requests to the RADIUS server; 1813 is the default port number. Devices that do not support RADIUS accounting will have this field grayed out (with the exception of an SNMPv1 R2 device, which will display accounting values but will not allow you to set them.)
- Server Shared Secret
- A string of characters used to encrypt and decrypt communications between
the device (RADIUS client) and the RADIUS accounting server. This string must match the
shared secret entered when you added the client device on the RADIUS server. Without the shared secret, the server and
client will be unable to communicate.
The shared secret must be at least 6 characters long; 16 characters is recommended.
Dashes are allowed in the string, but spaces are not.
NOTE: If you are configuring multiple RADIUS servers, the same server shared secret must be used for each RADIUS server. This is because most Policy Manager devices (RADIUS clients) only support one shared secret. Matrix N-Series devices with firmware version 5.0 or above are an exception to this, as these devices do support a unique shared secret for each server. NOTE: This Server Shared Secret is not to be confused with the Application Shared Secret that encrypts communication between the RADIUS client and Policy Manager, entered in the Application Shared Secret area of the RADIUS tab for a device.
- Timeout Duration (2 -10 sec)
- The amount of time in seconds the device will wait for the RADIUS server to respond to an accounting request. Valid values are 2-10 seconds. Devices that do not support RADIUS accounting will have this field grayed out (with the exception of an SNMPv1 R2 device, which will display accounting values but will not allow you to set them.)
- Update Interval (minutes)
- The Accounting Update Interval is the amount of time in minutes between accounting updates. For ExtremeWireless Wireless devices, this value is configured per RADIUS server. For all other devices, this value is global to all RADIUS servers, and is specified per device (Client Default) in the RADIUS Accounting Client Settings section of the RADIUS tab. Devices that do not support RADIUS accounting will have this field grayed out.
- Accounting Access Type
- Use the drop-down menu to select the type of accounting access allowed for this
RADIUS server:
- Any access - the server can send an accounting request for users originating from any access type.
- Management access - the server can only send an accounting request for users that have requested management access via the console, Telnet, SSH, or HTTP, etc.
- Network access - the server can only send an accounting request users that are accessing the network via 802.1X, MAC, or Web-Based accounting.
- Server Priority (1-20)
- Order in which the RADIUS accounting server will be checked, as compared to the other RADIUS accounting servers on the device. The lower the number, the higher the priority.
- Management Interface
- Select the IP address and VRName to use when the switch is communicating with a configured RADIUS server.
NOTE: ExtremeXOS devices must define a Management Interface.
For information on related windows:
For information on related tasks:
