Command Line Interface Reference Guide > The Configuration Menu > /cfg/sys/radius RADIUS Server Configuration
/cfg/sys/radius
RADIUS Server Configuration
 
[RADIUS Server Menu]
prisrv - Set primary RADIUS server address
secsrv - Set secondary RADIUS server address
secret - Set primary RADIUS server secret
secret2 - Set secondary RADIUS server secret
port - Set RADIUS port
retries - Set RADIUS server retries
timeout - Set RADIUS server timeout (seconds)
fwdpass - Enable/disable RADIUS password forwarding
secbd - Enable/disable RADIUS secure backdoor for telnet/ssh/http
     otp      - Enable/disable RADIUS server OTP configuration
     local - Set local Authentication priority
prefer - Prefer Vendor Specific Attribute or last received attribute
on - Turn RADIUS authentication ON
off - Turn RADIUS authentication OFF
cur - Display current RADIUS configuration
 
RADIUS Server Configuration Menu Options (/cfg/sys/radius) 
Command Syntax and Usage
prisrv <IP address (v4 or v6)>
 
Sets the primary RADIUS server address.
The following prompts appear when using this command:
Current primary RADIUS server:
Enter new primary RADIUS server (v4 or v6):
secsrv <IP address (v4 or v6)>
 
Sets the secondary RADIUS server address.
The following prompts appear when using this command:
Current secondary RADIUS server:
Enter new secondary RADIUS server (v4 or v6):
secret <1-32 character secret>
 
This is the shared secret password between Alteon and the primary RADIUS servers.
secret2 <1-32 character secret>
 
This is the shared secret password between Alteon and the secondary RADIUS servers.
port <RADIUS port to configure, default 1645>
 
Enter the number of the UDP port to be configured.
Values: 1500 – 3000
Default: 1645
retries <RADIUS server retries (1-3)>
 
Sets the number of failed authentication requests before switching to a different RADIUS server.
Default: 3 requests
timeout <RADIUS server timeout seconds (1-10)>
 
Sets the time before a RADIUS server authentication attempt is considered to have failed.
Default: 3 seconds
fwdpass disable|enable
 
Enables or disables RADIUS password forwarding.
When enabled, the RADIUS Attribute Value Pair (AVP) contains a CHAP-Password that can be decrypted by a third-party gateway for generating a request to a RADIUS server.
This allows customers using other authentication methods to use the password during authentication with the back-end server.
Default: disabled
secbd disable|enable
 
Enables or disables the RADIUS secure backdoor.
Values:
*enabled —  Default admin can log in from the serial console, Telnet, SSH and WEB UI when the RADIUS server is unavailable.
- noradius can login via CLI using the pre-defined user passwords (see user/slbview/slboper/l4oper/oper/slbadmin/l4admin/admin) gaining the functionality available for the role of the accessed user. No Web UI access is available.
*disabled — There is no access to Alteon until the authorization servers are reachable again.
Default: disabled
otp disable|enable
 
Enables or disables the RADIUS server’s One Time Password (OTP) configuration. RADIUS supports OTP when the server type attribute is received.
Default: disabled
local
 
Specifies that Alteon should first search for the user in the Local User Table, and only if not found/authenticated there to connect to the remote authentication server.
Values: disable, enable
Default: disable
prefer vsa|last
 
Specifies how Alteon retrieves the RADIUS Service-Type parameter value.
Values:
*last — Alteon takes the Service-Type value from the last attribute received from the RADIUS server. This can be a general attribute or vendor-specific, whichever is last in the list.
*vsa — Alteon takes the Service-Type value from the Vendor-Specific attribute irrespective of the order it is received from the RADIUS server.
Default: last
on
 
Enables the RADIUS server.
off
 
Disables the RADIUS server.
cur
 
Displays the current RADIUS server parameters.