Restrictions for Configuring RadSec
The following restrictions apply to the RadSec feature:
- A RADIUS client uses an ephemeral port as the source port. This source port should not be used for UDP, Datagram Transport Layer Security (DTLS), and Transport Layer Security (TLS) at the same time.
- Although there is no configuration restriction, we recommend that you use the same type—either only TLS or only DTLS—for a server under an AAA server group.
- RadSec is not supported on the DTLS port range 1 to 1024.
  Note: DTLS ports must be configured to work with the RADIUS server.
- RadSec is not supported with high availability.
- Receiving a RADIUS Change of Authorization (CoA) request and transmitting the response over the same authentication channel is supported with RadSec over TLS only. It is not supported over DTLS or plain RADIUS.
- The tls watchdoginterval command is not applicable for Packet of Disconnect (PoD) use cases.
- FQDN configuration for CoA is not supported.
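
Because mixing TLS and DTLS servers in one AAA server group is not rejected at configuration time, a pre-deployment check is useful. The following is an added example, not part of the original documentation: a small linter that flags a DTLS port in the range 1 to 1024 and a server group that mixes TLS and DTLS. The sample configuration is constructed, and the command forms it parses (`radius server`, `tls port`, `dtls port`, `aaa group server radius`, `server name`) are assumed IOS XE-style syntax that this page does not show.

```python
import re

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
radius server RS-TLS
 address ipv4 192.0.2.10
 tls port 2083
radius server RS-DTLS
 address ipv4 192.0.2.11
 dtls port 812
aaa group server radius MIXED
 server name RS-TLS
 server name RS-DTLS
aaa group server radius TLS-ONLY
 server name RS-TLS
"""

def parse(config):
    """Return ({server: {transport: port}}, {group: [server names]})."""
    servers, groups, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"radius server (\S+)$", line):
            current = servers.setdefault(m.group(1), {})
        elif m := re.match(r"aaa group server radius (\S+)$", line):
            current = groups.setdefault(m.group(1), [])
        elif m := re.match(r"\s+(tls|dtls) port (\d+)$", line):
            if isinstance(current, dict):
                current[m.group(1)] = int(m.group(2))
        elif m := re.match(r"\s+server name (\S+)$", line):
            if isinstance(current, list):
                current.append(m.group(1))
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the block
    return servers, groups

def lint(config):
    """Flag settings that conflict with the RadSec restrictions listed above."""
    servers, groups = parse(config)
    findings = []
    for name, ports in servers.items():
        if 1 <= ports.get("dtls", 0) <= 1024:
            findings.append(f"{name}: DTLS port {ports['dtls']} is in unsupported range 1-1024")
    for group, members in groups.items():
        kinds = {t for s in members for t in servers.get(s, {})}
        if kinds == {"tls", "dtls"}:
            findings.append(f"{group}: mixes TLS and DTLS")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```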