aaa rfc-3576-server

aaa rfc-3576-server <ipaddr>

clone <source>

enable-radsec

event-timestamp-requi..

key <psk>

no ...

replay-protection

window-duration

Description

This command configures a RADIUS (Remote Authentication Dial-In User Service) server that can send user disconnect, session timeout, and CoA (Change of Authorization) messages, as described in RFC 3576, Dynamic Authorization Extensions to RADIUS.

Syntax

Parameter

Description

<ipaddr>

IPv4 or IPv6 address of the server.

clone <source>

Name of an existing RFC 3576 server configuration from which parameter values are copied.

enable-radsec

Enable RADSEC for the server.

event-timestamp-required

Discards a DAC request if the Event-Timestamp attribute is not present in the request. This option takes effect only if replay-protection is enabled.

key <psk>

Shared secret to authenticate communication between the RADIUS client and server.

no

Negates any configured parameter.

replay-protection

Enable replay protection for DAC requests.

window-duration

Time window in seconds. Default value is 300. This parameter is used:

- To check for stale DAC requests.

- To specify the minimum time span, in seconds, between two valid requests with the same identifiers, in order to enforce replay protection and identify duplicates.
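
The replay-protection, event-timestamp-required and window-duration parameters above, modeled as an added example (not ArubaOS code and not from the original page). The class and function names, the order of the checks, the treatment of future timestamps as stale, and the use of the DAC address plus RADIUS Identifier as the duplicate key are assumptions; the sample requests are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class DacPolicy:
    # Field names mirror the CLI parameters on this page. The two boolean
    # defaults are this example's choice; the logic is not ArubaOS code.
    replay_protection: bool = False
    event_timestamp_required: bool = False
    window_duration: int = 300  # seconds (documented default)

@dataclass
class ReplayFilter:
    policy: DacPolicy
    # (DAC address, RADIUS Identifier) -> time the request was accepted
    seen: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def check(self, dac: str, ident: int, event_ts: Optional[int], now: int) -> str:
        p = self.policy
        if not p.replay_protection:
            return "accept"  # event-timestamp-required has no effect here
        if event_ts is None:
            if p.event_timestamp_required:
                return "discard: no Event-Timestamp"
        elif abs(now - event_ts) > p.window_duration:
            return "discard: stale"  # outside the window, past or future
        # Forget entries older than the window so the cache stays bounded.
        self.seen = {k: t for k, t in self.seen.items()
                     if now - t < p.window_duration}
        if (dac, ident) in self.seen:
            return "discard: duplicate"
        self.seen[(dac, ident)] = now
        return "accept"

def demo() -> list:
    f = ReplayFilter(DacPolicy(replay_protection=True,
                               event_timestamp_required=True))
    t0 = 1_700_000_000  # constructed clock value
    dac = "10.1.1.245"  # server address from the page's example
    # Constructed requests: (identifier, Event-Timestamp, arrival time)
    requests = [
        (7, t0, t0),              # fresh request
        (7, t0, t0 + 20),         # same request seen again 20 s later
        (8, None, t0 + 30),       # Event-Timestamp attribute missing
        (9, t0 - 900, t0 + 40),   # timestamp 940 s old
        (7, t0 + 400, t0 + 400),  # identifier reused after the window
    ]
    return [f.check(dac, i, ts, now) for i, ts, now in requests]
```

With replay-protection off in this model, a request without Event-Timestamp is accepted even when event-timestamp-required is set, which matches the dependency stated in the parameter description.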

Usage Guidelines

The disconnect, session timeout, and change-of-authorization messages sent from the server to the managed device contain information to identify the user for which the message is sent. Starting from ArubaOS 8.5.0.0, the managed device also accepts disconnect, session timeout, and CoA message requests from an IPv6 address-based DAC, and identifies user sessions based on the user's IPv6 address. The managed device supports the following attributes for identifying the users who authenticate with an RFC 3576 server:

user-name: name of the user to be authenticated

framed-ip-address: user IPv4 address

framed-ipv6-address: user IPv6 address

calling-station-id: phone number of a station that originated a call

accounting-session-id: unique accounting ID for the user session.

If the authentication server sends both supported and unsupported attributes to the managed device, the unknown or unsupported attributes are ignored. If no matching user is found, the managed device sends a 503: Session Not Found error message back to the RFC 3576 server.

Example

The following command configures an RFC 3576 server:

(host) ^[md] (config) aaa rfc-3576-server 10.1.1.245

clone default

key P@$$w0rD;

Related Commands

Command

Description

show aaa state user

View information for a user whose session timeout is altered by an RFC 3576 server.

Command History

Release

Modification

ArubaOS 8.5.0.0

The <ipaddr> sub-parameter was updated to also support the IPv6 address of the server.

ArubaOS 8.2.0.0

The event-timestamp-required, replay-protection, and window-duration parameters were introduced.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Config mode on Mobility Master.
