configure mobile-gateway profile radius command descriptions
radius
Syntax
- [no] radius profile-name
Context
- [Tree] configure mobile-gateway profile radius
Description
This command creates a named RADIUS profile.
The no form of this command removes the profile from the configuration.
Parameters
- profile-name
- specifies the profile name, up to 32 characters
acct-retry-count
Syntax
- acct-retry-count value
- no acct-retry-count
Context
- [Tree] configure mobile-gateway profile radius acct-retry-count
Description
This command sets a limit to the number of times the system attempts to retry sending a RADIUS accounting message to the server. When this limit is reached, the server is considered to be dead and another server is selected. This command requires a shutdown and a no shutdown action in the RADIUS group peer definition associated with the RADIUS profile before the change is effective for a RADIUS server peer.
- The system waits for a few more seconds (≤20) before finally marking the peer as dead, to smooth out fluctuations caused by temporary effects such as network congestion or server overload.
- For a single message, the system only tries up to three peers, regardless of the number of peers in the RADIUS group. After the three peers have been exhausted (or fewer if the RADIUS group has fewer than three peers), the system declares a final timeout for that message and discards it.
Parameters
- value
- the number of times the system attempts to send a RADIUS accounting message to the server
acct-retry-timeout
Syntax
- acct-retry-timeout seconds
- no acct-retry-timeout
Context
- [Tree] configure mobile-gateway profile radius acct-retry-timeout
Description
This command sets the interval, in seconds, between retries for RADIUS accounting messages. This command requires a shutdown and a no shutdown action in the RADIUS group peer definition associated with the RADIUS profile before the change is effective for a RADIUS server peer.
The no form of this command reverts to the default.
Parameters
- seconds
- specifies the interval, in seconds, between retries
apn-acct-on-off-initial-interval
Syntax
- apn-acct-on-off-initial-interval value
- no apn-acct-on-off-initial-interval
Context
- [Tree] configure mobile-gateway profile radius apn-acct-on-off-initial-interval
Description
This command configures the initial interval between sending RADIUS accounting ON and OFF messages to the accounting servers. It can be used to fine-tune the initial messaging sequence. The configuration applies to all servers within the RADIUS group regardless of peer priorities. Retries are only sent to other servers if the current server doesn't respond within the specified time interval. This command is effective only if the config mobile pdn radius accounting-on-off-level command is set to value apn. This command is effective only if wait-for-ack is configured in the context config mobile pdn apn radius-accounting-on-off.
The no form of this command reverts to the default.
Parameters
- value
- specifies the time interval, in seconds, between sending RADIUS accounting ON and OFF messages to the accounting servers
apn-acct-on-retry-interval
Syntax
- apn-acct-on-retry-interval value
- no apn-acct-on-retry-interval
Context
- [Tree] configure mobile-gateway profile radius apn-acct-on-retry-interval
Description
This command configures the retry interval between RADIUS accounting ON messages per peer server. The timeout is counted from the first message sent toward this particular server. This command is effective only if the config mobile pdn radius accounting-on-off-level command is set to value apn. This command is effective only if the config mobile pdn apn radius-accounting-on-off wait-for-ack is configured.
The no form of this command reverts to the default.
Parameters
- value
- specifies the time interval, in seconds, between RADIUS accounting ON messages per peer server
auth-probe-interval
Syntax
- auth-probe-interval value
- no auth-probe-interval
Context
- [Tree] configure mobile-gateway profile radius auth-probe-interval
Description
This command sets the interval at which the system sends authentication probe messages to an authentication server. An authentication probe is a “fake” Access-Request message for a certain username and password. If the server responds to the Access-Request (even with an Access-Reject), the server is considered operational. Authentication probe messages are not sent to servers that are used for accounting only. This command requires a shutdown and a no shutdown action in the RADIUS group peer definition associated with the RADIUS profile before the change is effective for a RADIUS server peer.
Parameters
- seconds
- specifies the time interval, in seconds, at which the system sends authentication probe messages to an authentication server
auth-retry-count
Syntax
- auth-retry-count value
- no auth-retry-count
Context
- [Tree] configure mobile-gateway profile radius auth-retry-count
Description
This command sets a limit to the number of times the system attempts to retry sending a RADIUS authentication message to the server. When this limit is reached, the server is considered to be dead and another server is selected. This command requires a shutdown and a no shutdown action in the RADIUS group peer definition associated with the RADIUS profile before the change is effective for a RADIUS server peer.
- The system waits for a few more seconds (≤20) before finally marking the peer as dead, to smooth out fluctuations caused by temporary effects such as network congestion or server overload.
- For a single message, the system only tries up to three peers, regardless of the number of peers in the RADIUS group. After the three peers have been exhausted (or fewer if the RADIUS group has fewer than three peers), the system declares a final timeout for that message and discards it.
Parameters
- value
- specifies the number of times the system attempts to send a RADIUS authentication message to the server
auth-retry-timeout
Syntax
- auth-retry-timeout seconds
- no auth-retry-timeout
Context
- [Tree] configure mobile-gateway profile radius auth-retry-timeout
Description
This command sets the interval, in seconds, between retries for RADIUS authentication. This command requires a shutdown and a no shutdown action in the RADIUS group peer definition associated with the RADIUS profile before the change is effective for a RADIUS server peer.
The no form of this command reverts to the default.
Parameters
- seconds
- specifies the interval, in seconds, between retries
deadtime
Syntax
- deadtime deadtime [drop-acct-messages] [send-auth-messages]
- no deadtime
Context
- [Tree] configure mobile-gateway profile radius deadtime
Description
When the system fails to reach a particular server after a configurable number of retries, the server is marked dead and another server is selected. This command sets the time that a server continues to be considered dead before the system attempts to use it for normal authentication or accounting requests.
Once the dead-timer expires, the system may once again send the server authentication or accounting messages. The server is subject to the retry-timeout and retry-count mechanism to determine if the server is still in the failed state. If all servers are unreachable (operating state down), for authentication purposes, the system immediately declares an authentication failure. For accounting purposes, the system attempts to send messages to the highest priority server even if it is during the dead time period. It is possible to separately configure the system to also drop accounting messages destined for a dead server.
The no form of this command reverts to the default.
Parameters
- deadtime
- specifies the time interval that a server is considered dead, in seconds
- drop-acct-messages
- specifies to drop accounting messages, if no servers are currently reachable
- send-auth-messages
- specifies to attempt sending messages to the highest priority server, even if it is during the dead time period, in case all servers are unreachable (operating state down)
description
Syntax
- description long-description-string
- no description
Context
- [Tree] configure mobile-gateway profile radius description
Description
This command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the description from the configuration.
Parameters
- long-description-string
- Specifies the description string, up to 80 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
max-peer-reselections
Syntax
- max-peer-reselections count [wrap]
- no max-peer-reselections
Context
- [Tree] configure mobile-gateway profile radius max-peer-reselections
Description
This command specifies the number of times in total a peer can be reselected after exhausting the retries toward the currently selected peer. The maximum number of re-selections is limited to the number of available peers in the RADIUS group. By default, for a single message, the system only tries up to three peers, regardless of the number of peers in the RADIUS group. After all three peers have been exhausted (or fewer if the RADIUS group has fewer than three peers), the system declares a final timeout for that message and discards it. When the transaction-based-load-balancing command is enabled for the RADIUS group, the server selection can wrap around since the retries are going to different servers. If the parameter wrap is specified, the system tries up to the configured count, possibly wrapping around back to the original selected server, once all other available servers have been tried already. If this parameter is not specified, the maximum number of re-selections is limited to the number of available peers in the RADIUS group.
The no form of this command reverts to the default.
Parameters
- count
- specifies the number of times a peer can be reselected
- wrap
- specifies if the system tries the configured count, wrapping around back to the original selected server, once all other available servers are tried
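The retry, deadtime and peer-reselection rules described above combine into one per-message failover plan. The following Python model is an added example, not vendor code, and computes which peers a message is offered to and the worst-case time before the final timeout. Assumptions: a lower priority value means higher priority, a configured count means one first selection plus count reselections, and the peer names and timer values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    priority: int        # assumption: lower value = higher priority
    dead: bool = False   # True while the peer's deadtime is running

def plan(kind, peers, retry_count, retry_timeout, max_reselections=None,
         wrap=False, drop_acct_messages=False, send_auth_messages=False):
    """Return (peer names in try order, worst-case seconds until final timeout)."""
    ranked = sorted(peers, key=lambda p: p.priority)
    alive = [p for p in ranked if not p.dead]
    if not alive:
        # All peers dead: auth fails at once, accounting still goes to the
        # highest-priority peer, unless the deadtime options say otherwise.
        if kind == "auth":
            order = ranked[:1] if send_auth_messages else []
        else:
            order = [] if drop_acct_messages else ranked[:1]
    elif max_reselections is None:
        order = alive[:3]                    # page default: up to three peers
    else:
        tries = 1 + max_reselections         # assumption: first pick + reselections
        if not wrap:
            tries = min(tries, len(alive))   # no peer is offered the message twice
        order = [alive[i % len(alive)] for i in range(tries)]
    # Each peer gets retry_count sends, each waited on for retry_timeout seconds.
    return [p.name for p in order], len(order) * retry_count * retry_timeout

# Constructed sample RADIUS group; names and timer values are illustrative only.
GROUP = [Peer("aaa-1", 1), Peer("aaa-2", 2), Peer("aaa-3", 3), Peer("aaa-4", 4)]

if __name__ == "__main__":
    print(plan("auth", GROUP, retry_count=3, retry_timeout=5))
    print(plan("auth", GROUP[:2], 3, 5, max_reselections=3, wrap=True))
    down = [Peer(p.name, p.priority, dead=True) for p in GROUP]
    print(plan("auth", down, 3, 5), plan("acct", down, 3, 5))
```

The worst-case figure is how long a subscriber's authentication can stall before the gateway gives up, so it is the number to compare against session-setup timers when choosing retry counts and timeouts.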