Cisco Cisco ASR 5000
AAA Server Group Configuration Mode Commands
▀ radius
▄ Command Line Interface Reference, StarOS Release 18
164
keepalive
: Enables the AAA server alive-dead detect mechanism based on sending keepalive
authentication messages to all authentication servers. Default is disabled.
response-timeout response_timeout_duration
: Specifies the number of seconds, for any AAA
Manager, to wait for a response to any message before a server’s state is changed from “Active” to “Down”.
response_timeout_duration
must be an integer from 1 through 65535.
Important:
If both
consecutive-failures
and
response-timeout
are configured, then both parameters
must be met before a server’s state is changed to “Down”.
Important:
The “Active” or “Down” state of a RADIUS server as defined by the system, is based on
accessibility and connectivity. For example, if the server is functional but the system has placed it into a “Down” state,
it could be the result of a connectivity problem. When a RADIUS server’s state is changed to “Down”, a trap is sent to
the management station and the
it could be the result of a connectivity problem. When a RADIUS server’s state is changed to “Down”, a trap is sent to
the management station and the
deadtime
timer is started.
max-outstanding max_messages
Specifies the maximum number of outstanding messages a single AAA Manager instance will queue.
max_messages
must be an integer from 1 through 4000.
Default: 256
max-retries max_retries
Specifies the maximum number of times communication with a AAA server will be attempted before it is
marked as “Not Responding”, and the detect dead server’s consecutive failures count is incremented.
marked as “Not Responding”, and the detect dead server’s consecutive failures count is incremented.
max_retries
must be an integer from 0 through 65535.
Default: 5
max-transmissions max_transmissions
Sets the maximum number of re-transmissions for RADIUS authentication requests. This limit is used in
conjunction with
conjunction with
max-retries
parameter for each server.
When failing to communicate with a RADIUS sever, the subscriber is failed once all of the configured
RADIUS servers have been exhausted, or once the configured number of maximum transmissions is reached.
For example, if three servers are configured and if the configured max-retries is 3 and max-transmissions is
12, then the primary server is tried four times (once plus three retries), the secondary server is tried four
times, and then a third server is tried four times. If there is a fourth server, it is not tried because the
maximum number of transmissions (12) has been reached.
RADIUS servers have been exhausted, or once the configured number of maximum transmissions is reached.
For example, if three servers are configured and if the configured max-retries is 3 and max-transmissions is
12, then the primary server is tried four times (once plus three retries), the secondary server is tried four
times, and then a third server is tried four times. If there is a fourth server, it is not tried because the
maximum number of transmissions (12) has been reached.
max_transmissions
must be an integer from 1 through 65535.
Default: Disabled
probe-message local-service-address
ipv4/ipv6_address
radius probe-message
: Configures AVPs to be sent in RADIUS authentication probe messages.
local-service-address
: Configures the service ip-address to be sent as an AVP in RADIUS
authentication probe messages.
ipv4/ipv6_address
: Specifies the IP address of the server.
ip_address
must be specified in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation. A
maximum of 128 RADIUS servers can be configured per context. This limit includes accounting and
authentication servers.
authentication servers.