VRF Configuration in RADIUS Profile
To configure the VRF in RADIUS server group, use the following sample configuration:
config
profile radius
server-group group_name
vrf vrf_name
server-private { radius_server_ip_address port_number | [ range ] }
priority radius_server_priority
secret radius_server_secret_key
type { acct | auth }
end
NOTES:
-
server-private { radius_server_ip_address port_number | [ range ] } —Specify the IP address and port number of the private RADIUS servers used for accounting and authentication requests. This server is private to the specific server-group.
Private servers in the server-group will be given priority over global servers that are associated to the group. If private servers are unreachable or dead, global servers will be selected to send authentication or accounting requests.
-
priority radius_server_priority —Specify the priority of RADIUS server.
-
secret radius_server_secret_key —Specify the RADIUS server shared secret key.
Must be a string.
-
type { acct | auth } —Specify the type of private RADIUS server used for accounting and authentication requests.
-
server-private { radius_server_ip_address port_number [ priority radius_server_priority | secret radius_server_secret | type { acct | auth } ] | [ range ] }
-
range —Specify the IP address range.
-
vrf vrf_name —Specify the VRF name to be configured in AAA server group.
If VRF is configured in server-group, it is recommended to configure servers using server-private and not associate the global servers.
To define the VRF in RADIUS Dynamic-authorization/COA configuration, use the following sample configuration:
config
profile radius-dynamic-author
client client_ip_address vrf vrf_name
nas-identifier nas_identifier_port
secret secret_key
end
NOTES:
-
client client_ip_address —Specify the RADIUS Dynamic-authorization client configuration.
-
vrf vrf_name —Specify the VRF name to be configured in AAA server group.
If VRF is configured in server-group, it is recommended to configure servers using server-private and not associate the global servers.
-
nas-identifier nas_identifier_port —Specify the dynamic authorization NAS identifier.
-
secret secret_key —Specify the dynamic authorization server shared secret key.