VRF support for RADIUS authentication
An overview of VRF support for RADIUS authentication and configuration examples.
RADIUS must run on a single routing instance. If you configure a RADIUS server without specifying the routing instance, the RADIUS server starts in the default routing instance. If you specify a nondefault routing instance, you must verify that all servers configured for AAA with the RADIUS server are accessible by way of the same routing instance.
- routing instance = BLUE
- radius-server-address = 42.42.42.42
- secret-code = secured
- port-no = 1820
- timeout = 2
vyatta@R1# set system login radius-server 42.42.42.42
vyatta@R1# set system login radius-server 42.42.42.42 secret secured
vyatta@R1# set system login radius-server 42.42.42.42 port 1820
vyatta@R1# set system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration
system {
login {
radius-server 42.42.42.42 {
secret secured
port 1820
timeout 2
}
}
}
The following example shows the same configuration sequence for the BLUE routing instance.
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 secret secured
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 port 1820
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration
vyatta@R1# routing {
routing-instance BLUE {
system {
login {
radius-server 42.42.42.42 {
secret secured
port 1820
timeout 2
}
}
}
}
}
For more information about RADIUS and configuring RADIUS, see Ciena Vyatta Network OS Basic System Configuration Guide.