VRF support for RADIUS authentication
An overview of VRF support for RADIUS authentication and configuration examples.
RADIUS must run on a single routing instance. If you configure a RADIUS server without specifying the routing instance, the RADIUS server starts in the default routing instance. If you specify a nondefault routing instance, you must verify that all servers configured for AAA with the RADIUS server are accessible by way of the same routing instance.
The following examples show excerpts of RADIUS configurations that use these values:
- routing instance = BLUE
- radius-server-address = 42.42.42.42
- secret-code = secured
- port-no = 1820
- timeout = 2
The following example shows how to configure RADIUS for the default routing instance.
vyatta@R1# set system login radius-server 42.42.42.42
vyatta@R1# set system login radius-server 42.42.42.42 secret secured
vyatta@R1# set system login radius-server 42.42.42.42 port 1820
vyatta@R1# set system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration
system {
login {
radius-server 42.42.42.42 {
secret secured
port 1820
timeout 2
}
}
}The following example shows the same configuration sequence for the BLUE routing instance.
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 secret secured
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 port 1820
vyatta@R1# set routing routing-instance BLUE system login radius-server 42.42.42.42 timeout 2
vyatta@R1# commit
vyatta@R1# run show configuration
vyatta@R1# routing {
routing-instance BLUE {
system {
login {
radius-server 42.42.42.42 {
secret secured
port 1820
timeout 2
}
}
}
}
}For more information about RADIUS and configuring RADIUS, see Ciena Vyatta Network OS Basic System Configuration Guide.