Authentication
Syntax | Description |
Alias | Adding the alias parameter to the end of the auth add radius |
| command will configure the SMS to receive RADIUS response |
| packets from an IP address other that the IP address configured as |
| the RADIUS server. |
Multiple RADIUS Servers
Default
Older versions of SMS used UDP port 1645 for RADIUS authentication requests and 1646 for RADIUS accounting requests by default.
New versions of SMS will continue to use those same ports for previously configured RADIUS servers when upgraded from previous versions.
However, new RADIUS servers will be configured with port 1812 for RADIUS authentication and port 1813 for RADIUS accounting by default.
The default retrans is 5.
The default retrans-primary-only is 2.
The default timeout is 30 seconds.
The default deadtime is 0 minutes (disabled)
Usage Guidelines
Note Select a shared secret as you would a password.
Example
This example configures the SMS2000 to authenticate subscribers in the current group using the RADIUS server at 192.168.254.249.
sms2000% auth add radius 192.168.254.249 secret donttell retrans=3
Alias IP address
If the RADIUS servers are configured with a virtual interface, the RADIUS response packets will be transmitted to the SMS on a different interface than the request packet was received. The SMS will reject the packets since it did not arrive with the expected source IP address. Setting an alias IP address allows the SMS to receive the RADIUS response from a different source IP. You must configure the alias IP parameter after configuring the RADIUS server.
For example;
auth add radius 192.168.1.249 secret donttell auth add radius 10.1.1.50 alias
The above two commands will cause the SMS to send the RADIUS request to 192.168.1.249 and receive the RADIUS response from both 192.168.1.249 and 10.1.1.50.
TUT Systems, Inc | Page 54 of 104 | P/N |