Cisco Systems OL-15491-01 Configuration mode for this command changed from module CSG, 133

Appendix A CSG2 Command Reference

ip csg radius proxy

The source port is arbitrarily chosen by the CSG2, and the destination port remains unchanged. When a message is received from the network and forwarded to the subscriber, the source IP address is the csg-address, and the source port remains unchanged. The source IP address and port are taken from the destination IP address and port in the original message from the subscriber.

You can configure an optional RADIUS key. If you configure a key, the CSG2 parses and acts on the message only if the RADIUS authenticator is correct. If the key is not configured, the CSG2 always parses the message. Whether you configure a key or not, and whether it is correct or not, the CSG2 always forwards the message.

You can specify up to 64 ip csg radius proxy commands.

You can also configure an optional RADIUS key.

•If you configure a RADIUS key, the CSG2 parses and acts on a message only if the RADIUS Authenticator is correct.

•If you do not configure a RADIUS key, the CSG2 always parses and forwards every message.

You can specify more than one RADIUS key by specifying more than one ip csg radius proxy command, but each command must specify a unique CSG2 IP address (or IP address-VRF name combination, if VRF is configured).

All RADIUS messages are forwarded, unless the IP or User Datagram Protocol (UDP) headers specify a length larger than the physical packet size.

CSG2 User Table entries created as a result of RADIUS messaging through the ip csg radius endpoint definition with a VRF configured are indexed by the configured sub-vrf-name. This enables the CSG2 to segment the subscriber space and removes ambiguity if multiple subscribers share the same IP address, provided that their entries were instantiated by RADIUS flows to CSG2 radius definitions bound to different VRFs. If the sub-vrf-nameis not configured, the User Table entries are indexed via the global routing table.