Chapter 2
Configuring Authentication and Accounting Services
Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
OL-16202-01
Configuring RADIUS on the ACE
The ACE supports the RADIUS protocol to communicate with a remote RADIUS
server for authentication and accounting services. This section defines the
configuration of the ACE to operate as a client of a RADIUS server.
This section contains the following topics:
• Setting the RADIUS Server Parameters
• Configuring the RADIUS NAS-IP-Address Attribute
• Setting the Global RADIUS Server Preshared Key
• Configuring the Global RADIUS Server Dead-Time Interval
• Setting the Global RADIUS Server Number of Retransmissions
• Setting the Global RADIUS Server Timeout Value
Setting the RADIUS Server Parameters
You can use the radius-server host command to specify the RADIUS server IP
address, encrypted key, destination UDP port, and other options. You can also
define multiple radius-server host commands to configure multiple RADIUS
servers.
The syntax of this command is as follows:
radius-server host ip_address [key shared_secret [0 shared_secret | 7
shared_secret]] [auth-port port_number] [acct-port port_number]
[authentication] [accounting] [timeout seconds] [retransmit count]
The arguments, keywords, and options are as follows:
• ip_address—IP address for the RADIUS server. Enter the address in
dotted-decimal IP notation (for example, 192.168.11.1).
• key—(Optional) Enables an authentication key for communication between
the ACE and the RADIUS daemon running on the RADIUS server. The key
is a text string that must match the encryption key used on the RADIUS server.
This key overrides the global setting of the radius-server key command. If
you do not specify a key, the global value is used. RADIUS keys are always
stored in encrypted form in persistent storage. The running configuration also
displays keys in encrypted form.
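An added example (not from the Cisco guide): a Python check that parses radius-server host lines using the syntax above and reports, for each server, whether its shared secret comes from the host entry, from the global radius-server key command, or is missing. The form of the global radius-server key line, the function name parse_radius_hosts, and the sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
radius-server key 7 "global-placeholder"
radius-server host 192.168.11.1 key 7 "host-placeholder" auth-port 1812 acct-port 1813 authentication accounting timeout 5 retransmit 2
radius-server host 192.168.11.2 authentication
"""

# Options that take one integer argument in the syntax shown above.
INT_OPTS = {"auth-port": "auth_port", "acct-port": "acct_port",
            "timeout": "timeout", "retransmit": "retransmit"}


def parse_radius_hosts(config):
    """Return one dict per 'radius-server host' line with its key source resolved."""
    has_global_key = False
    hosts = []
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["radius-server", "key"] and len(tok) > 2:
            has_global_key = True  # assumed form of the global key command
        elif tok[:2] == ["radius-server", "host"] and len(tok) > 2:
            # IPv4Address rejects anything that is not dotted-decimal.
            host = {"ip": str(ipaddress.IPv4Address(tok[2])),
                    "key_source": None, "services": []}
            i = 3
            while i < len(tok):
                if tok[i] == "key" and i + 1 < len(tok):
                    # Skip the optional 0/7 keyword and the secret; it is never stored.
                    i += 3 if tok[i + 1] in ("0", "7") else 2
                    host["key_source"] = "host"
                elif tok[i] in INT_OPTS and i + 1 < len(tok):
                    host[INT_OPTS[tok[i]]] = int(tok[i + 1])
                    i += 2
                elif tok[i] in ("authentication", "accounting"):
                    host["services"].append(tok[i])
                    i += 1
                else:
                    # Report the position only, so a secret never lands in an error log.
                    raise ValueError(f"unexpected token #{i} on a radius-server host line")
            hosts.append(host)
    # A host without its own key uses the global key; with neither, no secret is set.
    for host in hosts:
        if host["key_source"] is None:
            host["key_source"] = "global" if has_global_key else "missing"
    return hosts
```

A host reported as "missing" has neither a per-host key nor a global key to fall back on, which is the case to review before relying on that server.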
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide