RADIUS Parameters

The RADIUS parameters are described in the table below.

RADIUS Parameters

Parameter

Description

General RADIUS Parameters

'Enable RADIUS Access Control'

configure system > radius settings > enable

[EnableRADIUS]

Enables the RADIUS application.

[0] Disable (default)
[1] Enable

Note: For the parameter to take effect, a device restart is required.

'RADIUS VSA Vendor ID'

configure system > radius settings > vsa-vendor-id

[RadiusVSAVendorID]

Defines the vendor ID that the device accepts when parsing a RADIUS response packet.

The valid range is 0 to 0xFFFFFFFF. The default is 5003.

[MaxRADIUSSessions]

Defines the number of concurrent calls that can communicate with the RADIUS server (optional).

The valid range is 0 to 240. The default is 240.

'RADIUS Packets Retransmission'

[RADIUSRetransmission]

Defines the number of RADIUS retransmission retries when no response is received from the RADIUS server. See also the [RadiusTo] parameter.

The valid range is 1 to 10. The default is 1.

'RADIUS Response Time Out'

[RadiusTo]

Defines the time interval (in seconds) that the device waits for a response before it performs a RADIUS retransmission. See also the [RADIUSRetransmission] parameter.

The valid range is 1 to 30. The default is 2.

configure system > radius settings > rad-pap-req-msg-auth-tx

[RadiusPapRequireMsgAuthTx]

Enables the device (for PAP protocol used for user login) to always include RADIUS attribute 80 (Message-Authenticator) in outgoing RADIUS request messages (Access-Request packets) sent to the RADIUS server.

[0] = (Default) The device doesn't include the attribute.
[1] = The device includes the attribute.

For more information, see Securing RADIUS Messages with Message-Authenticator Attribute.

configure system > radius settings > rad-req-msg-auth-rx

[RadiusRequireMsgAuthRx]

Enables the requirement of RADIUS attribute 80 (Message-Authenticator) in incoming RADIUS messages from the RADIUS server.

[0] = (Default) The device doesn't require the attribute.
[1] = The device requires the attribute. If the attribute is not present, the device discards the incoming RADIUS message and denies user login.

For more information, see Securing RADIUS Messages with Message-Authenticator Attribute.

RADIUS Accounting Parameters

'RADIUS Accounting Type'

configure voip > sip-definition settings > radius-accounting

[RADIUSAccountingType]

Defines at what stage of the call RADIUS accounting messages are sent to the RADIUS accounting server.

[0] At Call Release = (Default) Sent at call release only.
[1] At Connect & Release = Sent at call connect and release.
[2] At Setup & Release = Sent at call setup and release.

'AAA Indications'

configure system > cdr > aaa-indications

[AAAIndications]

Enables the Authentication, Authorization and Accounting (AAA) indications.

[0] None = (Default) No indications.
[3] Accounting Only = Only accounting indications are used.

RADIUS User Authentication Parameters

'Use RADIUS for Web/Telnet Login'

configure system > radius settings > enable-mgmt-login

[WebRADIUSLogin]

Enables RADIUS queries for Web and Telnet login authentication. When enabled, logging into the device's Web and Telnet embedded servers is done through a RADIUS server. The device communicates with a user-defined RADIUS server and verifies the given username and password against a remote database in a secure manner.

[0] Disable (default)
[1] Enable

Note:

For RADIUS login authentication to function, you must also configure the [EnableRADIUS] parameter to 1 (Enable).
RADIUS authentication requires HTTP basic authentication, where the username and password are transmitted in clear text over the network. Therefore, it's recommended to set the [HTTPSOnly] parameter to 1 to force the use of HTTPS, since the transport is encrypted.

'Password Local Cache Mode'

configure system > radius settings > local-cache-mode

[RadiusLocalCacheMode]

Defines the device's mode of operation regarding the timer, configured by the [RadiusLocalCacheTimeout] parameter, which determines the validity of the username and password (verified by the RADIUS server).

[0] Absolute Expiry Timer = When you access a Web page, the timeout doesn't reset, instead it continues decreasing.
[1] Reset Timer Upon Access = (Default) Upon each access to a Web page, the timeout always resets (reverts to the initial value configured by the [RadiusLocalCacheTimeout] parameter).

'Password Local Cache Timeout'

configure system > radius settings > local-cache-timeout

[RadiusLocalCacheTimeout]

Defines the duration (in seconds) that the locally stored username and password (verified by the RADIUS server) are valid. When this timeout expires, the username and password become invalid and must be re-verified with the RADIUS server.

The valid range is 1 to 0xFFFFFF. The default is 900 (15 minutes).

[-1] = Never expires.
[0] = Each request requires RADIUS authentication.

'RADIUS VSA Access Level Attribute'

configure system > radius settings > vsa-access-level

[RadiusVSAAccessAttribute]

Defines the code that indicates the access level attribute in the Vendor Specific Attributes (VSA) section of the received RADIUS packet.

The valid range is 0 to 255. The default is 35.