VRF Configuration in RADIUS Profile

To configure the VRF in RADIUS server group, use the following sample configuration:

config 
   profile radius   
      server-group group_name 
         vrf vrf_name 
         server-private { radius_server_ip_address port_number  | [ range ] }  
            priority radius_server_priority 
            secret radius_server_secret_key 
            type { acct | auth } 
            end 

NOTES:

  • server-private { radius_server_ip_address port_number | [ range ] } —Specify the IP address and port number of the private RADIUS servers used for accounting and authentication requests. This server is private to the specific server-group.

    Private servers in the server-group will be given priority over global servers that are associated to the group. If private servers are unreachable or dead, global servers will be selected to send authentication or accounting requests.

  • priority radius_server_priority —Specify the priority of RADIUS server.

  • secret radius_server_secret_key —Specify the RADIUS server shared secret key.

    Must be a string.

  • type { acct | auth } —Specify the type of private RADIUS server used for accounting and authentication requests.

  • server-private { radius_server_ip_address port_number [ priority radius_server_priority | secret radius_server_secret | type { acct | auth } ] | [ range ] }

  • range —Specify the IP address range.

  • vrf vrf_name —Specify the VRF name to be configured in AAA server group.

    If VRF is configured in server-group, it is recommended to configure servers using server-private and not associate the global servers.

To define the VRF in RADIUS Dynamic-authorization/COA configuration, use the following sample configuration:

config 
   profile radius-dynamic-author 
      client client_ip_address vrf vrf_name 
         nas-identifier nas_identifier_port 
         secret secret_key 
         end 

NOTES:

  • client client_ip_address —Specify the RADIUS Dynamic-authorization client configuration.

  • vrf vrf_name —Specify the VRF name to be configured in AAA server group.

    If VRF is configured in server-group, it is recommended to configure servers using server-private and not associate the global servers.

  • nas-identifier nas_identifier_port —Specify the dynamic authorization NAS identifier.

  • secret secret_key —Specify the dynamic authorization server shared secret key.