# AsterNOS RADIUS

This chapter provides examples of how to configure and manage RADIUS on AsterNOS devices using NETCONF.

Note: RADIUS should be used together with AAA configuration. Please refer to the AAA configuration examples.

## RADIUS Vendor Attributes

To support RADIUS authorization with vendor-specific attributes, AsterNOS provides a set of predefined vendor attributes. The following table lists the supported vendor attributes:

```
VENDOR Asterfusion 56928
BEGIN-VENDOR Asterfusion
ATTRIBUTE Aster-Terminal-Type 1 string
ATTRIBUTE Aster-Terminal-Vendor 2 string
ATTRIBUTE Aster-Privilege 3 integer
ATTRIBUTE Aster-Service 4 string
ATTRIBUTE Aster-Command 5 string
ATTRIBUTE Aster-Argument 6 string
ATTRIBUTE Aster-Error 7 string
END-VENDOR Asterfusion
```

To assign vendor attributes to a user, configure the corresponding attributes on the RADIUS server.

- `Aster-Privilege` assigns a privilege level to a user. The value ranges from 0 to 15, where 0 is the lowest privilege level and 15 is the highest privilege level.
- `Aster-Service` assigns service-level command permission to a user. The value will be provided by other documents.
- `Aster-Command` assigns cmd-level command permission to a user.

Example of configuring vendor attributes on a FreeRADIUS server (users file):

```
bob0 Cleartext-Password = "hello"
    Service-Type = NAS-Prompt-User,
    Aster-Privilege = 0,
    Aster-Service = "interface,l2",
    Aster-Command = "(configure|exit|(^interface ))"
```

## Configure RADIUS Global Attributes

Request example to configure RADIUS global attributes via `edit-config`:

```xml
<config>
  <top>
    <radius>
      <global>
        <timeout>30</timeout>
        <retransmit>3</retransmit>
        <auth-type>chap</auth-type>
        <shared-secret>123456</shared-secret>
        <src-ip>192.168.1.1</src-ip>
        <nas-ip>10.0.0.1</nas-ip>
      </global>
    </radius>
  </top>
</config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:ebfa3243-1eef-4fb8-a002-5f8b06596324">
  <ok/>
</rpc-reply>
```

## Add RADIUS Server

Request example to add RADIUS servers via `edit-config`:

```xml
<config>
  <top>
    <radius>
      <servers operation="create">
        <server>
          <ipaddress>192.168.1.2</ipaddress>
          <auth-port>1812</auth-port>
          <auth-type>pap</auth-type>
          <timeout>30</timeout>
        </server>
        <server>
          <ipaddress>192.168.1.3</ipaddress>
          <auth-port>1813</auth-port>
          <auth-type>chap</auth-type>
          <timeout>50</timeout>
        </server>
      </servers>
    </radius>
  </top>
</config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:e5bdc8c8-b73c-4987-9907-0ae6f1229d81">
  <ok/>
</rpc-reply>
```

## Get RADIUS Configuration

Request example to get the RADIUS configuration via `get-config`:

```xml
<filter type="subtree">
  <top>
    <radius/>
  </top>
</filter>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:d497411c-967b-482b-8637-766faf82f727">
  <data>
    <top>
      <radius xmlns="http://asterfusion.com/ns/yang/asternos-radius">
        <global>
          <shared-secret>123456</shared-secret>
          <auth-type>chap</auth-type>
          <src-ip>192.168.1.1</src-ip>
          <nas-ip>10.0.0.1</nas-ip>
          <timeout>30</timeout>
          <retransmit>3</retransmit>
        </global>
        <servers>
          <server>
            <ipaddress>192.168.1.2</ipaddress>
            <auth-port>1812</auth-port>
            <auth-type>pap</auth-type>
            <timeout>30</timeout>
          </server>
          <server>
            <ipaddress>192.168.1.3</ipaddress>
            <auth-port>1813</auth-port>
            <auth-type>chap</auth-type>
            <timeout>50</timeout>
          </server>
        </servers>
      </radius>
    </top>
  </data>
</rpc-reply>
```

Request example to get a single RADIUS server configuration:

```xml
<filter type="subtree">
  <top>
    <radius>
      <servers>
        <server>
          <ipaddress>192.168.1.2</ipaddress>
        </server>
      </servers>
    </radius>
  </top>
</filter>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:e5f7621e-ec07-44b2-8c16-8a82878381a2">
  <data>
    <top>
      <radius xmlns="http://asterfusion.com/ns/yang/asternos-radius">
        <servers>
          <server>
            <ipaddress>192.168.1.2</ipaddress>
            <auth-port>1812</auth-port>
            <auth-type>pap</auth-type>
            <timeout>30</timeout>
          </server>
        </servers>
      </radius>
    </top>
  </data>
</rpc-reply>
```

## Delete RADIUS Server

Request example to delete a single RADIUS server via `edit-config`:

```xml
<config>
  <top>
    <radius>
      <servers>
        <server operation="delete">
          <ipaddress>192.168.1.2</ipaddress>
        </server>
      </servers>
    </radius>
  </top>
</config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f81dc57e-98e9-40fd-a405-b1ec2c381d14">
  <ok/>
</rpc-reply>
```

Request example to delete all RADIUS servers via `edit-config`:

```xml
<config>
  <top>
    <radius>
      <servers operation="delete"/>
    </radius>
  </top>
</config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:0d022129-79d2-4f46-9f20-5f4f69cd31a5">
  <ok/>
</rpc-reply>
```
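
An audit of the `get-config` reply for the full RADIUS configuration on this page, as an added example that is not part of the original guide or Asterfusion's own code: it parses the reply and flags the settings a reviewer would question in the sample values (a short numeric shared secret returned in cleartext, PAP, and an auth port set to 1813). The hyphenated element names, the namespace URI and the 16-character minimum are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace and element names assumed from the get-config reply on this page.
NS = {"r": "http://asterfusion.com/ns/yang/asternos-radius"}
MIN_SECRET_LEN = 16  # assumed policy; RFC 2865 prefers at least 16 octets
ACCT_PORT = "1813"   # registered RADIUS accounting port (authentication is 1812)

# Constructed sample, trimmed from the get-config reply on this page.
SAMPLE_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
    message-id="urn:uuid:d497411c-967b-482b-8637-766faf82f727"><data><top>
<radius xmlns="http://asterfusion.com/ns/yang/asternos-radius">
  <global><shared-secret>123456</shared-secret><auth-type>chap</auth-type>
    <timeout>30</timeout><retransmit>3</retransmit></global>
  <servers>
    <server><ipaddress>192.168.1.2</ipaddress><auth-port>1812</auth-port>
      <auth-type>pap</auth-type><timeout>30</timeout></server>
    <server><ipaddress>192.168.1.3</ipaddress><auth-port>1813</auth-port>
      <auth-type>chap</auth-type><timeout>50</timeout></server>
  </servers>
</radius></top></data></rpc-reply>"""


def text(node, tag):
    """Stripped text of a namespaced child element, or '' when absent."""
    return (node.findtext(f"r:{tag}", default="", namespaces=NS) or "").strip()


def audit_radius(reply_xml):
    """Return (scope, finding) tuples for a RADIUS get-config reply."""
    radius = ET.fromstring(reply_xml).find(".//r:radius", NS)
    if radius is None:
        return [("reply", "no radius subtree")]
    findings = []
    glob = radius.find("r:global", NS)
    if glob is not None and glob.find("r:shared-secret", NS) is not None:
        secret = text(glob, "shared-secret")
        findings.append(("global", "shared-secret readable in cleartext"))
        if len(secret) < MIN_SECRET_LEN or secret.isdigit():
            findings.append(("global", "shared-secret is short or numeric"))
    for srv in radius.findall("r:servers/r:server", NS):
        ip = text(srv, "ipaddress")
        if text(srv, "auth-type") == "pap":
            findings.append((ip, "PAP: password protected only by shared secret"))
        if text(srv, "auth-port") == ACCT_PORT:
            findings.append((ip, "auth-port is the accounting port"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_radius(SAMPLE_REPLY):
        print(f"{scope}: {finding}")
```

A single-server reply has no `<global>` subtree, so only the per-server checks apply to it.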
