How to Configure RADIUS Authentication on Cisco Viptela vEdge/cEdge devices
Today I am going to talk about RADIUS and TACACS+ authentication configuration on Cisco vEdge/cEdge devices. We will cover RADIUS authentication first and TACACS+ authentication in our next article.
Configure RADIUS Authentication
For a RADIUS server, we need its IP address and a password or key. We can specify the key as a clear text string up to 32 characters long or as an AES 128-bit encrypted key. The local device passes the key to the RADIUS server.
Fig 1.1- Cisco vManage Auth Console
The password must match the one used on the server. To configure more than one RADIUS server, include the server and secret-key commands for each server.
RADIUS Server Priority
We can also set the priority of a RADIUS server among multiple RADIUS servers. The priority can be a value from 0 through 7. A server with a lower priority number is given priority over one with a higher number.
RADIUS Server Ports
By default, the Cisco vEdge/cEdge device uses port 1812 for authentication connections to the RADIUS server and port 1813 for accounting connections. To change these port numbers, use the auth-port and acct-port commands. If the RADIUS server is reachable via a specific interface, configure that interface with the source-interface command.
Make sure you configure the server VPN number if the vEdge/cEdge is in a different VPN than the RADIUS server. If you configure multiple RADIUS servers, they must all be in the same VPN.
When a vEdge/cEdge device is trying to locate a RADIUS server, it goes through the list of servers three times. To change this, use the retransmit command, setting the number to a value from 1 to 1000:
When waiting for a reply from the RADIUS server, a Viptela device waits 3 seconds before retransmitting its request. To change this time interval, use the timeout command, setting a value from 1 to 1000 seconds:
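The settings described above, combined into one vEdge (Viptela OS) configuration. This is an added example, not taken from the original article: the server addresses, VPN 512, the mgmt0 interface, the priority values and the 5-second timeout are constructed, and `<shared-secret>` is a placeholder for the key configured on the RADIUS server.

```text
! Added example; addresses, VPN, interface and key are placeholders
system
 radius
  ! primary server: the lower priority number is preferred
  server 192.0.2.10
   secret-key <shared-secret>
   priority 0
   auth-port 1812
   acct-port 1813
   vpn 512
   source-interface mgmt0
  !
  ! secondary server: must be in the same VPN as the primary
  server 192.0.2.11
   secret-key <shared-secret>
   priority 1
   auth-port 1812
   acct-port 1813
   vpn 512
   source-interface mgmt0
  !
  ! go through the server list 3 times (the default)
  retransmit 3
  ! wait 5 seconds for a reply before retransmitting (default is 3)
  timeout 5
 !
!
```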
On Cisco ISE, you need to put the policy in place for the RADIUS server.
Fig 1.2- Cisco ISE AUTH Profile