radius
This backend acts as a RADIUS proxy, forwarding authentication requests to other RADIUS servers.
Example configuration of a RADIUS proxy backend:
radius "RADIUS_PROXY_EXAMPLE_ORG" {
# backend server selection
server-selection round-robin;
server "radius1.example.org" {
# RADIUS shared secret
secret "ExampleSecret";
# Request timeout (supports duration units like 7s, 5m, 1h)
timeout 7s;
# how many times to retry the request
retries 0;
# use status-server polling
# true = on, false = off
status false;
# how many sockets/connections at maximum to open
#connections 16;
connect {
# transport protocol: udp/tcp/tls
protocol udp;
# server's IP address
ip 203.0.113.111;
# alternatively server's hostname
#hostname radius1.example.org;
# destination UDP port
port 1812;
# Optional: receive and send buffer size in bytes
#buffer 1048576;
} # connect
} # server
server "radius2.example.org" {
secret "ThisIsAnExampleSecret";
timeout 7s;
retries 0;
status false;
connect {
protocol udp;
ip 203.0.113.112;
#hostname radius2.example.org;
port 1812;
buffer 1048576;
} # connect
} # server
# Modify/filter RADIUS request before proxying
pre-proxying {
# filter the following attributes before proxying
filter {
#cisco-avpair;
Tunnel-Type;
Tunnel-Medium-Type;
Tunnel-Private-Group-ID;
}
# modify the following attributes before proxying
modify {
radiusproxy.request.attr.Operator-Name := "4EXAMPLE_COM:FI";
}
} # pre-proxying
# Modify/filter RADIUS reply
post-proxying {
filter {
# filter all vendor specific attributes
#vendor-specific;
#cisco-avpair;
# filter attributes for VLAN assignment
Tunnel-Type;
Tunnel-Medium-Type;
Tunnel-Private-Group-ID;
} # filter
} # post-proxying
} # radius "RADIUS_PROXY_EXAMPLE_ORG"
Navigation