Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine

Chapter Title

RADIUS Configuration Mode Commands

Results

Updated:
February 17, 2018

Chapter: RADIUS Configuration Mode Commands


RADIUS Configuration Mode Commands

RADIUS configuration mode commands allow you to configure multiple Remote Access Dial-In User Service (RADIUS) servers as a named AAA server group. You specify the IP address of one or more previously configured RADIUS servers that you want added to or removed from a AAA server group, along with a dead-time interval for the RADIUS server group.

For details about creating a RADIUS server group, see the Security Guide, Cisco ACE Application Control Engine.

To create a RADIUS server group and access RADIUS server configuration mode, enter the aaa group server radius command. The CLI prompt changes to (config-radius). Use the no form of this command to remove a RADIUS server group.

aaa group server radius group_name

no aaa group server radius group_name

Syntax Description

group_name

Group of RADIUS servers. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The commands in this mode require the AAA feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

A server group is a list of server hosts. The ACE allows you to configure multiple AAA servers as a named server group. You group the different AAA server hosts into distinct lists. The ACE searches for the server hosts in the order in which you specify them within a group. You can configure a maximum of 10 server groups for each context in the ACE.

You can configure server groups at any time, but you must enter the aaa authentication login or the aaa accounting default command to apply them to the AAA service.

Examples

To create a RADIUS server group, enter: 

host1/Admin(config) aaa group server radius RADIUS_Server_Group1 

host1/Admin(config-radius)# server 172.16.56.76

host1/Admin(config-radius)# server 172.16.56.79

host1/Admin(config-radius)# server 172.16.56.82

Related Commands

(config) aaa accounting default

(config) aaa authentication login

(config-radius) deadtime

To specify a dead-time interval for the Remote Authentication Dial-In User Service (RADIUS) server group, use the deadtime command. Use the no form of this command to reset the RADIUS server group dead-time request to its default of 0.

deadtime minutes

no deadtime minutes

Syntax Description

minutes

Length of time that the ACE skips a nonresponsive RADIUS server for transaction requests. Valid entries are from 0 to 1440 (24 hours). The default is 0.


Command Modes

RADIUS configuration mode

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

Use of the deadtime command causes the ACE to mark as dead any RADIUS servers that fail to respond to authentication requests. Entering this command prevents the wait for the request to time out before trying the next configured server. The ACE skips a RADIUS server that is marked as dead by additional requests for the duration of minutes.

During the dead-time interval, the ACE sends probe access-request packets to verify that the RADIUS server is available and can receive authentication requests. The dead-time interval starts when the server does not respond to an authentication request transmission. When the server responds to a probe access-request packet, the ACE retransmits the authentication request to the server.

Examples

To globally configure a 15-minute dead-time interval for RADIUS servers that fail to respond to authentication requests, enter: 

host1/Admin(config) aaa group server radius RADIUS_Server_Group1 

host1/Admin(config-radius)# deadtime 15

To reset the RADIUS server dead-time request to the default of 0, enter: 

host1/Admin(config-radius)# no deadtime 15

Related Commands

(config) aaa group server

(config-radius) server

To specify the IP address of one or more previously configured Remote Authentication Dial-In User Service (RADIUS) servers that you want added to or removed from a server group, use the server command. Use the no form of this command to remove the RADIUS server from the AAA server group.

server ip_address

no server ip_address

Syntax Description

ip_address

IP address of the RADIUS server. Enter the address in dotted-decimal IP notation (for example, 192.168.11.1).


Command Modes

RADIUS configuration mode

Admin and user contexts

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

You can add multiple RADIUS servers to the AAA server group by entering multiple server commands in this mode. The same server can belong to multiple server groups.

Examples

To add servers to a RADIUS server group, enter: 

host1/Admin(config-radius)# server 172.16.56.76

host1/Admin(config-radius)# server 172.16.56.79

host1/Admin(config-radius)# server 172.16.56.82

To remove a server from a RADIUS server group, enter: 

host1/Admin(config) aaa group server radius RADIUS_Server_Group1 

host1/Admin(config-radius)# no server 172.16.56.76

Related Commands

(config) aaa group server

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

About Us
Contact Us
Work with Us