You are here: Home > CLI Commands > Just_CLI_Topics > ip radius

ip radius

ip radius

nas-ip {nas-vlan <nasvlan>|<A.B.C.D>}

rfc-3576-server udp-port <0-65535>

source-interface {loopback|vlan <1-4094>}

Description

This command configures global parameters for RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  servers.

Syntax

Parameter

Description

Range

Default

nas-ip

A global Network Access Server (NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. ) IP address to send in RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  packets. This configuration supersedes the server-specific NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. IP configured with the aaa authentication-server radius command.

nas-vlan

Configure the NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to be used as the NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. IP address.

A.B.C.D

Configure the NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. IP address.

rfc-3576-server udp-port <0-65535>

Configures the UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port to receive requests from a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server that can send user disconnect and change-of-authorization messages, as described in RFCRequest For Comments. RFC is a commonly used format for the Internet standards documentss. 3576, “Dynamic Authorization Extensions to Remote Dial In User Service (RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. )”. See the aaa rfc-3576-server command to configure the server.

0-65535

3799

source-inter
face

Interface for all outgoing RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  packets. The IP address of the specified interface is included in the IP header of RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  packets. The interface can be one of the following:

loopback

Use the IP address of the loopback interface.

vlan

Use the IP address of the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

1-4094

Usage Guidelines

This command configures global RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server parameters. If the aaa authentication-server radius command configures a server-specific NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. IP, the server-specific IP address is used instead.

Example

The following command configures a global NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. IP address sent in RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  packets:

(host) [mynode] (config) #ip radius nas-ip 192.168.1.245

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platform

License

Command Mode

All platforms

The ip radius rfc-3576-server udp-port command requires the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license. Other commands are available in the base operating system.

Config mode on Mobility Master.

/*]]>*/