Command Reference: set radius

set radius

Use the set radius command to

Configure a PortServer to use one or more RADIUS (remote authentication dial-in user service) servers to authenticate and maintain user profiles on dial-in users
Display current RADIUS configuration parameters

Normal users can use the set radius command to display all RADIUS configuration parameters, except the RADIUS password. Administrator (root) privileges are required to display the password and configure the PortServer to use RADIUS servers.

When the PortServer uses a RADIUS server, it authenticates users by first searching its own user table and then, if the user is not found, searching the RADIUS server.

Note: RADIUS is not supported on Digi One RealPort or PortServer TS 2/4.

Command Syntax

Configuration Syntax

Enter the set radius command as shown below to configure a PortServer to use RADIUS servers to authenticate dial-in users.

set radius [primary=ip_addr][run={on|off}] [secondary=ip_addr] [secret=password] [tolerant={on|off}]

Display Syntax

Enter the set radius command as shown below to display RADIUS configuration status.

set radius

Command Fields

Command Field	Description
primary	Specifies the IP address of the primary RADIUS server. This is the server that the PortServer queries first. If this server is down or busy, the PortServer queries the secondary server (if there is one).
run	on - enables RADIUS authentication. off - disables RADIUS authentication. The default is off.
secondary	Specifies the IP address of a secondary RADIUS server.
secret	Specifies a password used for encryption of messages between the RADIUS server and the PortServer. The server and the PortServer must use the same password. The primary and the secondary servers are not required to use the same password. If they are different, however, you must issue two set radius commands, one to configure the primary RADIUS server and one to configure the secondary server. See the command examples for more information.
tolerant	on - ignores unrecognized RADIUS attributes. off - connection is denied if unrecognized RADIUS attributes are present. The default is on.

Command Examples

Displaying RADIUS Configuration Status

In this example, the set radius command displays the status of the current RADIUS configuration.

set radius

Configuring a Primary RADIUS Server

In this example the set radius command configures PortServer TS 8/16 to use a primary RADIUS server.

set radius run=on primary=199.150.150.10 secret=xyyzzz

Configuring Two RADIUS Servers

In this example, the first set radius command configures the primary RADIUS server. The second set radius command configures the secondary server. Two commands are required because the two servers use different passwords (secret field).

set radius run=on primary=199.150.150.10 secret=xyyzzz

set radius run=on secondary=199.150.150.22 secret=abbccc