Enabling Radsec on RADIUS Servers

Conventional RADIUS offers limited security, which is not sufficient for authentication that takes place across unsecured networks such as the Internet. To address this, the RADIUS over TLS (Radsec) enhancement ensures that RADIUS authentication and accounting data is transmitted safely and reliably across insecure networks. The default destination port for RADIUS over TLS is TCP/2083. Separate ports are not used for authentication, accounting, and dynamic authorization changes.

In a TLS connection, both the managed device (TLS client) and the Radsec server (TLS server) need to authenticate each other using certificates. For the managed device to authenticate the Radsec server:

If neither of these certificates is configured, the managed device does not try to establish any connection with the Radsec server, even if Radsec is enabled.

The managed device must also send a TLS client certificate to the Radsec server by uploading a certificate on Mobility Conductor as ServerCert and configuring Radsec to accept and use the certificate. If a certificate is not configured, Mobility Conductor uses the device certificate in its TPM. In this case, the Aruba device CA that signed the certificate should be configured as a Trusted CA on the Radsec server.

The following CLI commands configure Radsec on a RADIUS server:

(host) [mynode] (config) #aaa authentication-server radius <rad_server_name>

enable-radsec

radsec-client-cert-name <name>

radsec-port <radsec-port>

radsec-trusted-cacert-name <radsec-trusted-ca>

radsec-trusted-servercert-name <name>

To upload certificates through the CLI, see Managing Certificates.
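The certificate rules above can be checked against an exported configuration before deployment. The following is an added example, not Aruba code: it assumes that "these certificates" refers to the radsec-trusted-cacert-name and radsec-trusted-servercert-name parameters, and the sample stanzas, server names, certificate names and finding codes are constructed for illustration.

```python
import re

DEFAULT_RADSEC_PORT = 2083  # default RADIUS over TLS port stated on the page
STANZA = re.compile(r'^aaa authentication-server radius\s+"?([^"\s]+)"?$')

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = '''
aaa authentication-server radius "radsec-good"
    enable-radsec
    radsec-port 2083
    radsec-client-cert-name "md-client"
    radsec-trusted-cacert-name "corp-root-ca"
!
aaa authentication-server radius "radsec-no-trust"
    enable-radsec
    radsec-port 2084
!
aaa authentication-server radius "plain-udp"
!
'''


def parse_servers(config_text):
    """Return {server_name: {option: value}} for each RADIUS server stanza."""
    servers, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = STANZA.match(line)
        if match:
            current = servers.setdefault(match.group(1), {})
        elif line == "!" or not raw[0].isspace():
            current = None  # end of stanza or an unrelated top-level command
        elif current is not None:
            key, _, value = line.partition(" ")
            if key == "no":  # "no <option>" removes an earlier setting
                current.pop(value.strip(), None)
            else:
                current[key] = value.strip().strip('"')
    return servers


def audit_radsec(servers):
    """Return a sorted list of (server, code, message) findings."""
    findings = []
    for name, opts in sorted(servers.items()):
        if "enable-radsec" not in opts:
            findings.append((name, "RADSEC_DISABLED",
                             "RADIUS traffic to this server is not carried over TLS"))
            continue
        trusted = (opts.get("radsec-trusted-cacert-name")
                   or opts.get("radsec-trusted-servercert-name"))
        if not trusted:
            findings.append((name, "NO_SERVER_TRUST",
                             "no trusted CA or server certificate: the managed "
                             "device will not attempt a Radsec connection"))
        if not opts.get("radsec-client-cert-name"):
            findings.append((name, "TPM_CLIENT_CERT",
                             "TPM device certificate is used: the Radsec server "
                             "must trust the Aruba device CA"))
        port = opts.get("radsec-port", "")
        if port.isdigit() and int(port) != DEFAULT_RADSEC_PORT:
            findings.append((name, "NONDEFAULT_PORT",
                             "port %s differs from TCP/2083: check firewall "
                             "rules and the server listener" % port))
    return findings


if __name__ == "__main__":
    for server, code, message in audit_radsec(parse_servers(SAMPLE_CONFIG)):
        print("%-16s %-16s %s" % (server, code, message))
```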

RADIUS Server VSAs

VSAs are a method for communicating vendor-specific information between Network Access Servers and RADIUS servers, allowing vendors to support their own extended attributes. You can use Aruba VSAs to derive the user role and VLAN for RADIUS-authenticated clients; however, the VSAs must be present on your RADIUS server. This requires that you update the RADIUS dictionary file with the vendor name (Aruba) and/or the vendor-specific code (14823), the vendor-assigned attribute number, and the attribute format (such as string or integer) for each VSA. For more information on VSA-derived user roles, see Workflow for Assigning a User Role.

For the current and complete list of all RADIUS VSAs available in the version of ArubaOS currently running on your Mobility Conductor, access the command-line interface and issue the command show aaa radius-attributes.

Bandwidth-VSAs

The managed device can dynamically assign a per-user or per-group bandwidth rate to Layer 3 authenticated clients as directed by the RADIUS server. To direct the managed device to enforce bandwidth rates for specific clients after successful Captive-Portal authentication, three RADIUS Vendor-Specific Attributes named Bandwidth-VSAs are added in the RADIUS Access-Accept packet.

The following table defines the Bandwidth-VSAs.

Table 1: Bandwidth-VSAs

VSA                         Type     Value  Description
--------------------------  -------  -----  -----------
Nomadix-Group-Bw-Policy-ID  Integer  19     Set to zero for per-client, else the group-ID for per-group.
WISPr-Bandwidth-Max-Up      Integer  7      Upstream bandwidth rate in bits per second.
WISPr-Bandwidth-Max-Down    Integer  8      Downstream bandwidth rate in bits per second.
Vendor ID                   Integer  8      ID of the vendor.

The server-redirected bandwidth control feature supports only D-tunnel and controller wired clients.

The following CLI command checks the Dynamic Bandwidth Contracts currently assigned:

(host) # show aaa bandwidth-contracts dynamic
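To show how the Bandwidth-VSAs travel inside an Access-Accept, the following added example (not Aruba code) encodes them as RFC 2865 Vendor-Specific attributes, then parses them back only after verifying the Response Authenticator against the shared secret. The vendor codes for WISPr and Nomadix are not on this page and are taken from public RADIUS dictionaries as an assumption; the secret, identifier and rates are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2       # RADIUS packet code (RFC 2865)
VENDOR_SPECIFIC = 26    # RADIUS attribute type that carries VSAs
# Assumption: vendor codes as used in public RADIUS dictionaries.
WISPR, NOMADIX = 14122, 3309
BANDWIDTH_VSAS = {
    (NOMADIX, 19): "Nomadix-Group-Bw-Policy-ID",
    (WISPR, 7): "WISPr-Bandwidth-Max-Up",
    (WISPR, 8): "WISPr-Bandwidth-Max-Down",
}


def encode_int_vsa(vendor, vtype, value):
    """Type 26 | length | vendor code | vendor type | vendor length | uint32."""
    sub = struct.pack("!BBI", vtype, 6, value)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor) + sub


def response_authenticator(header, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_access_accept(ident, request_auth, attrs, secret):
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = response_authenticator(header, request_auth, attrs, secret)
    return header + auth + attrs


def parse_bandwidth_vsas(packet, request_auth, secret):
    """Verify the reply, then return {vsa_name: integer} for Bandwidth-VSAs."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    packet = packet[:length]            # octets past Length are padding
    attrs = packet[20:]
    expected = response_authenticator(packet[:4], request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        # What a wrong shared secret or an altered reply looks like.
        raise ValueError("response authenticator mismatch")
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute")
        body, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC:
            continue                    # for example Reply-Message
        if len(body) < 4:
            raise ValueError("VSA without vendor code")
        vendor, sub, spos = struct.unpack("!I", body[:4])[0], body[4:], 0
        while spos < len(sub):
            if (len(sub) - spos < 2 or sub[spos + 1] < 2
                    or spos + sub[spos + 1] > len(sub)):
                raise ValueError("malformed VSA")
            vtype, vlen = sub[spos], sub[spos + 1]
            name = BANDWIDTH_VSAS.get((vendor, vtype))
            if name is not None:
                if vlen != 6:
                    raise ValueError(name + " is not a 4-byte integer")
                found[name] = struct.unpack("!I", sub[spos + 2:spos + 6])[0]
            spos += vlen
    return found


def demo_reply():
    """Constructed Access-Accept: per-client policy, 2 Mbit/s up, 8 Mbit/s down."""
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))
    attrs = (bytes([18, 4]) + b"ok"     # Reply-Message, ignored by the parser
             + encode_int_vsa(NOMADIX, 19, 0)
             + encode_int_vsa(WISPR, 7, 2_000_000)
             + encode_int_vsa(WISPR, 8, 8_000_000))
    return build_access_accept(7, request_auth, attrs, secret), request_auth, secret


if __name__ == "__main__":
    reply, req_auth, key = demo_reply()
    print(parse_bandwidth_vsas(reply, req_auth, key))
```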

Customizing the RADIUS Attributes

Users can configure a RADIUS modifier profile to customize the attributes that are included, excluded and modified in the RADIUS request before it is sent to the authentication server. The RADIUS modifier profile can be configured and applied to either Access-Request or Accounting-Request or both on a RADIUS authentication or accounting server.

This profile can contain up to 64 RADIUS attributes with static values that are either added to or updated in the request, and another 64 RADIUS attributes to be excluded from the requests.

Two new parameters have been added in the RADIUS modifier profile:

You can create a RADIUS modifier profile to customize the attributes that are included, excluded and modified in the RADIUS request before it is sent to the authentication or accounting server.

The following procedure describes how to create a RADIUS modifier profile and customize the RADIUS attributes:

  1. In the Mobility Conductor node hierarchy, navigate to the Configuration > System > Profiles tab.
  2. Under All Profiles, expand Wireless LAN.
  3. Click Radius Modifier.
  4. Under the Radius Modifier Profile: New Profile, click + to add a Radius modifier profile. Enter the Profile name.
  5. In the +Attr field, click + and select a name from the Name drop-down list box, set the Type to Static, and enter the Static_val. Click OK. The name should be one of the attributes listed by the show aaa radius-attributes command.
  6. In the -Attr field, click + and select the name of the attribute you want to exclude from -attr drop-down list box and click OK.
  7. Click Submit.
  8. Click Pending Changes.
  9. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands create a RADIUS modifier profile and customize the RADIUS attributes:

(host) [md] (config) #aaa authentication-server radius radius1

(host) [md] (RADIUS Server "radius1") #

acct-modifier

acctport

auth-modifier

authport

(host) [md] (config) #aaa radius modifier <profile_name>

clone

exclude

include

no

(host) [md] #show aaa radius modifier <profile_name>

Dynamic Data Support

Dynamic data is supported for the included attributes in the RADIUS attribute modifier. Users can configure the dynamic value for each included attribute in the RADIUS modifier to be one or two data items. The following data items can be picked to form the dynamic value for each included attribute:

Field1 and Field2 take the same values, but they can be used in different combinations with the delimiter. These included attributes are of type String and can contain up to 128 bytes.

The following procedure describes how to configure a RADIUS modifier profile with single-item dynamic data:

  1. In the Mobility Conductor node hierarchy, navigate to the Configuration > Systems > Profiles tab.
  2. Under All Profiles, expand Wireless LAN.
  3. Click Radius Modifier.
  4. In the Radius Modifier Profile: New Profile, click + to add a new radius modifier profile. Enter the Profile name.
  5. Click + in +Attr field and select a name from the Name drop-down list and set the Type to dynamic.
  6. Select the first dynamic field from the D_field1 drop-down list.
  7. (Optional) Select the second dynamic field from the D_field2 drop-down list.
  8. Select the delimiter from the D_delimiter drop-down list.
  9. Click OK.
  10. Click Submit.
  11. Click Pending Changes.
  12. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands configure a RADIUS modifier profile with single-item dynamic data:

(host)(config) #aaa radius modifier dynamic-mod

(host) (Radius Modifier Profile "dynamic-mod") #?

clone Copy data from another Radius Modifier Profile

exclude Attribute to be excluded in RADIUS request

include Attribute/Value to be included in RADIUS request

no Delete Command

 

(host) (Radius Modifier Profile "dynamic-mod") #include ?

<name> RADIUS Attribute Name

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id ?

dynamic First dynamic field

static Static Data

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ?

ap-group1 Use AP group as first dynamic field

ap-macaddr1 Use AP mac address as first dynamic field

ap-name1 Use AP name as first dynamic field

essid1 Use essid as first dynamic field

user-vlan1 Use user's current VLAN-ID as first dynamic field

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ap-name1

The following CLI commands configure the RADIUS modifier profile with two-item dynamic data:

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic ?

ap-group1 Use AP group as first dynamic field

ap-macaddr1 Use AP mac address as first dynamic field

ap-name1 Use AP name as first dynamic field

essid1 Use essid as first dynamic field

user-vlan1 Use user's current VLAN-ID as first dynamic field

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 ?

with Optional second dynamic field

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ?

ap-group2 Use AP group as second dynamic field

ap-macaddr2 Use AP mac address as second dynamic field

ap-name2 Use AP name as second dynamic field

essid2 Use essid as second dynamic field

user-vlan2 Use user's current VLAN-ID as first dynamic field

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 ?

delimiter Delimiter between fields

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter ?

at Use '@' as delimiter between fields

colon Use ':' as delimiter between fields

dash Use '-' as delimiter between fields

dollar Use '$' as delimiter between fields

hash Use '#' as delimiter between fields

none NULL

percent Use '%' as delimiter between fields

semicolon Use ';' as delimiter between fields

slash Use '/' as delimiter between fields

space Use ' ' as delimiter between fields

 

(host) (Radius Modifier Profile "dynamic-mod") #include Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter at ?

The following CLI command shows a RADIUS modifier profile with a mix of static and dynamic data:

(host) (config) #show aaa radius modifier dynamic-mod

Radius Modifier Profile

-----------------------

Action Attribute Name Data Type Data Value

------ -------------- --------- ----------

+Attr Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter at

+Attr BW-Area-Code static "212"

+Attr BW-City-Name static "San Jose"

+Attr Aruba-AP-Group dynamic ap-group1

-Attr Aruba-Device-Type
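To predict what a RADIUS server will receive from a given profile, the following added example (a model, not Aruba code) parses the show output above and applies it to a request. It assumes excluded attributes are removed first and included ones are then added or updated, and that a value over 128 bytes is rejected; the session data and the request are constructed.

```python
import re

# Delimiter keywords and characters as listed by the CLI help on this page.
DELIMITERS = {"at": "@", "colon": ":", "dash": "-", "dollar": "$", "hash": "#",
              "none": "", "percent": "%", "semicolon": ";", "slash": "/",
              "space": " "}
MAX_VALUE_BYTES = 128   # size limit stated for dynamic string attributes
MAX_ENTRIES = 64        # limit for included and for excluded attributes

ROW = re.compile(r'^([+-])Attr\s+(\S+)(?:\s+(static|dynamic)\s+(.+))?$')
DYNAMIC = re.compile(
    r'^(\S+?)1(?:\s+with\s+(\S+?)2(?:\s+delimiter\s+(\S+))?)?$')

# Output of "show aaa radius modifier dynamic-mod" as shown on this page.
SHOW_OUTPUT = '''
Action Attribute Name Data Type Data Value
------ -------------- --------- ----------
+Attr Aruba-Location-Id dynamic essid1 with ap-macaddr2 delimiter at
+Attr BW-Area-Code static "212"
+Attr BW-City-Name static "San Jose"
+Attr Aruba-AP-Group dynamic ap-group1
-Attr Aruba-Device-Type
'''


def parse_profile(show_output):
    """Return (include, exclude): {name: (type, value)} and [name, ...]."""
    include, exclude = {}, []
    for line in show_output.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue                      # header, ruler or blank line
        sign, name, kind, value = match.groups()
        if sign == "-":
            exclude.append(name)
        elif kind is None:
            raise ValueError("included attribute %s has no value" % name)
        else:
            include[name] = (kind, value.strip())
    if len(include) > MAX_ENTRIES or len(exclude) > MAX_ENTRIES:
        raise ValueError("profile exceeds %d entries" % MAX_ENTRIES)
    return include, exclude


def dynamic_value(spec, session):
    """Compose 'field1 [with field2 [delimiter kw]]' from session data."""
    match = DYNAMIC.match(spec)
    if not match:
        raise ValueError("unrecognised dynamic spec: %r" % spec)
    field1, field2, keyword = match.groups()
    if (keyword or "none") not in DELIMITERS:
        raise ValueError("unknown delimiter keyword: %r" % keyword)
    parts = [str(session[field1])]
    if field2:
        parts.append(str(session[field2]))
    text = DELIMITERS[keyword or "none"].join(parts)
    if len(text.encode("utf-8")) > MAX_VALUE_BYTES:
        raise ValueError("value exceeds %d bytes" % MAX_VALUE_BYTES)
    return text


def apply_profile(request, include, exclude, session):
    """Model: drop excluded attributes, then add or update included ones."""
    out = {k: v for k, v in request.items() if k not in exclude}
    for name, (kind, value) in include.items():
        if kind == "static":
            out[name] = value.strip('"')
        else:
            out[name] = dynamic_value(value, session)
    return out


# Constructed session data and request attributes.
SESSION = {"essid": "guest-wifi", "ap-macaddr": "00:1a:1e:00:00:01",
           "ap-group": "lobby", "ap-name": "ap-lobby-1", "user-vlan": 120}
REQUEST = {"User-Name": "alice", "Aruba-Device-Type": "Win 10",
           "Aruba-AP-Group": "default"}

if __name__ == "__main__":
    inc, exc = parse_profile(SHOW_OUTPUT)
    for attr, val in apply_profile(REQUEST, inc, exc, SESSION).items():
        print("%s = %s" % (attr, val))
```

Server-side policy that matches on Aruba-Location-Id needs to split on the same delimiter, so choose one that cannot occur in the ESSID or the other field.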

Dynamically Assign VLAN-ID to NAS-Port

The following CLI command configures a RADIUS modifier to assign the client's VLAN-ID to the NAS-Port RADIUS attribute:

(host) [mode] (config) # aaa radius modifier "Hilton-Eleven"

include "NAS-Port-ID" dynamic user-vlan1

!

The following CLI command assigns the RADIUS modifier to a RADIUS authentication server:

(host) [mode] (config) #aaa authentication-server radius "eleven-server"

.....

auth-modifier "Hilton-Eleven"

.....

!

RADIUS Server Authentication Codes

A configured RADIUS server returns the following standard response codes:

Table 2: RADIUS Authentication Response Codes

Code  Description
----  -----------
0     Authentication OK.
1     Authentication failed: user/password combination not correct.
2     Authentication request timed out: No response from server.
3     Internal authentication error.
4     Bad Response from RADIUS server: verify shared secret is correct.
5     No RADIUS authentication server is configured.
6     Challenge from server (This does not necessarily indicate an error condition).

RADIUS Server Fully Qualified Domain Names

If you define a RADIUS server using the FQDN of the server rather than its IP address, the managed device periodically generates a DNS request and caches the IP address returned in the DNS response. To view the IP address that currently correlates to each RADIUS server FQDN, access the command-line interface in config mode and issue the show aaa fqdn-server-names command.

DNS Query Intervals

If you define a RADIUS server using the FQDN of the server rather than its IP address, the managed device periodically generates a DNS request and caches the IP address returned in the DNS response. DNS requests are sent every 15 minutes by default.

You can use either the WebUI or the CLI to configure how often a DNS request is generated to cache the IP address for a RADIUS server identified via its FQDN.

The following procedure describes how to configure DNS query intervals:

  1. In the Mobility Conductor node hierarchy, navigate to the Configuration > Authentication > Advanced page.
  2. Expand the DNS Query Interval accordion and enter a new DNS query interval, from 1-1440 minutes, in the DNS Query Interval (min) field.
  3. Click Submit.
  4. Click Pending Changes.
  5. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI command configures DNS query intervals:

(host) [mynode] (config) #aaa dns-query-interval <minutes>