| Protocol |
| Type of authentication server. To configure the radius authentication use authentication(1), for radius accounting accounting(2), for user authentication on login shell login(3), for extended authentication (XAUTH) with IPSec xauth(6) and other special IPSEC requests(4). Enumerations: - authentication (1)
- accounting (2)
- login (3)
- ipsec (4)
- wpa802-1x (5)
- xauth (6)
|
| Address |
| The Radius Server IP Address. |
| Port |
| The radius server port. Please notice that RFC2138 assigns port 1812 and 1813 for authentication and accounting, respectively. Many Radius servers still use the former assigned port 1645 and 1646 instead. The default value is 1812 and 1813. |
| Secret |
| The shared secret between radius server and Brick. Length: 0 to 255 |
| Priority |
| The radius server with the lowest priority is the first used for request. If there is no response (see also the values Timeout and Retries) the radius server with the next lowest priority will be used. Default value is 0. Range: 0 to 7 |
| Timeout |
| The amount of milliseconds (1/1000s) waiting for an outstanding request. Default is 1000 (1 second). Range: 50 to 50000 |
| Retries |
| The number of retries sent for each request, until the server state is set to inactive. Default value is 1. To prevent the radiusSrvState ever switch to inactive, set this value to 0. Range: 0 to 10 |
| State |
| When operational, the server state is active(1). If the radius server does not respond, its state is set to inactive(2). The administrator can set the state manually to disabled(3), or delete(4) the entry. Enumerations: - active (1)
- inactive (2)
- disabled (3)
- delete (4)
|
| Policy |
| If set to authoritative(1), a negative answer to a request will be accepted. This is not necessarily true when set to non-authoritative(2), where the next radius server will be asked until there is finally an authoritative(1) server configured. Enumerations: - authoritative (1)
- non-authoritative (2)
|
| Validate |
| This additional option is only used for bogus RADIUS servers, which send response messages with a wrong calculated MD5 checksum. All messages generated by the brick, however, will always use the proper authentication scheme. For security reasons, this option should always be set to enabled(1). Enumerations: |
| Dialout |
| This option provides a means for RADIUS dialout configuration. When set to enabled(1), routing information is read into the brick after system startup. This information must be configured in the RADIUS server as dialout-1 to dialout-n, where n is a value of range 1-99. The end is automatically determined when the brick gets a negative response. This means, all entrys must be consecutive. The default value is disabled(2). Enumerations: - enabled (1)
- disabled (2)
- reload (3)
|
| DefaultPW |
| This is the default USER-PASSWORD the brick sends where no password is available (for example, in requests for the calling number or boot requests). Some RADIUS servers rely on a configured USER- or CHAP-PASSWORD for any RADIUS request. The default value is an empty string. Length: 0 to 255 |
| ReloadInterval |
| Reload interval for RADIUS dialout configuration in minutes. The default is 0 (no reload is performed automatically. Range: 0 to 1440 |
| AuthRequests |
| Total number of access requests sent. |
| AuthAccepts |
| Total number of access accepts received. |
| AuthRejects |
| Total number of access rejects received. |
| AuthReqRetrans |
| Total number of retransmitted access requests. |
| AuthReqFailed |
| Total number of failed (not rejected) access requests. |
| AuthReqPending |
| Total number of pending access requests. |
| AcctStarts |
| Total number of accounting starts sent. |
| AcctStops |
| Total number of accounting stops sent. |
| Keepalive |
| Enables the periodicaly keep alive check of 'inactive' (see radiusSrvState) server. Enumerations: |
| GroupId |
| ID for creating logical groups of RADIUS servers to be addressed for RADIUS ACCESS and ACCOUNTING requests. Note: the priority within a defined group is still determined by radiusSrvPriority. Range: 0 to 9 |
| NasLocation |
| Description of the NAS location - to be used for accounting in some vendor-specific modes (see radiusSrvVendorMode). Length: 0 to 255 |
| VendorMode |
| Vendor-specific NAS emulation needed for dedicated customer projects. Enumerations: - default (1)
- emulation-1 (2)
- emulation-2 (3)
|
| AcctOns |
| Total number of accounting 'ON' messages sent. |
| AcctOffs |
| Total number of accounting 'OFF' messages sent. |
| AcctResponses |
| Total number of received accounting response messages. |
| GroupDescr |
| Description for the logical group of RADIUS servers that is identified by radiuSrvGroupId. Length: 0 to 20 |
| NasOspfAreaId |
| OSPF area ID to be used for all temporarily created WAN interfaces associated with this NAS location and RADIUS server context. |