Manual Chapter: Creating a RADIUS Client Configuration
Applies To:
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
To configure the BIG-IP system as a RADIUS
Authentication Server for privileged user access, create RADIUS Client Configurations in
APM. Create a client configuration for each vendor supported by the backend
resources.
- On the Main tab, click.
- Click Create.
- For Name, type a name for the RADIUS Client Configuration.
- For NAS IP, type the Network Access Server IP Address of the RADIUS Authentication Client. Both IPv4 and IPv6 IP addresses are supported. You create separate client configurations for each vendor needed; multiple client configurations with different NAS IPs can target the same vendor as well (for example, this helps with setting SSH session access permissions). This NAS IP can be configured as an AVP (Attribute Value Pair in the backend resource configuration file) as part of the RADIUS access request. All backend resources with the same NAS IP are uniquely mapped to one RADIUS client configuration.
- From the Vendor list, select the vendor name for the RADIUS Authentication Client; select from CISCO, BLUECOAT, F5, JUNIPER, or PALOALTO.
- For Host Group:
  - After Host Group, type the name of a host group.
  - For Privilege Level, specify a number that indicates the privilege level of the group.
  - Click Add. The name is added to a list that shows the host group name with the privilege level appended to it. Create as many host groups as needed for your location.
  Host groups determine the user access levels. The privilege levels correspond to the numbers mentioned in vendor-specific standards. As a best practice, you can maintain common host group names across all client configurations (privilege levels can differ according to vendor standards). Host groups are published as part of the access policy session parameter in the Variable Assignment agent, where you might see this assignment:
  session.custom.ephemeral.groups = return {root_level;manager_level;viewer_level }
- Click Save.
- Create as many RADIUS Authentication Configuration Profiles as needed for the vendors that are supported.
The RADIUS Client Configuration is created. You
will need to specify the clients in the RADIUS Authentication Configuration Profile.
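Before entering several client configurations, it can help to check the planned set against the rules stated above: a vendor from the supported list, a valid IPv4 or IPv6 NAS IP that maps to exactly one client configuration, a numeric privilege level, and (as the best practice suggests) common host group names. The following is an added example, not F5 code; the dictionary layout, configuration names, addresses, and privilege numbers are constructed for illustration.

```python
import ipaddress

# Vendor names offered in the Vendor list, as given on this page.
VENDORS = {"CISCO", "BLUECOAT", "F5", "JUNIPER", "PALOALTO"}

def validate_plan(configs):
    """Return a list of problems found in a planned set of client configurations."""
    problems = []
    seen_nas = {}    # normalized NAS IP -> name of the configuration that owns it
    group_sets = {}  # configuration name -> set of host group names
    for cfg in configs:
        name = cfg["name"]
        if cfg["vendor"] not in VENDORS:
            problems.append(f"{name}: unknown vendor {cfg['vendor']!r}")
        try:
            # Parsing normalizes the address, so two spellings of the same
            # IPv6 address are detected as the same NAS IP.
            nas = ipaddress.ip_address(cfg["nas_ip"])
        except ValueError:
            problems.append(f"{name}: invalid NAS IP {cfg['nas_ip']!r}")
        else:
            if nas in seen_nas:
                problems.append(f"{name}: NAS IP {nas} already used by {seen_nas[nas]}")
            else:
                seen_nas[nas] = name
        for group, level in cfg["host_groups"].items():
            if isinstance(level, bool) or not isinstance(level, int):
                problems.append(f"{name}: privilege level for {group} is not a number")
        group_sets[name] = set(cfg["host_groups"])
    # Best practice from the page: keep host group names common across configurations.
    all_groups = set().union(*group_sets.values()) if group_sets else set()
    for name, groups in group_sets.items():
        missing = sorted(all_groups - groups)
        if missing:
            problems.append(f"{name}: missing common host groups {missing}")
    return problems

# Constructed sample plan (documentation address ranges, made-up privilege numbers).
ALL3 = {"root_level": 15, "manager_level": 7, "viewer_level": 1}
PLAN = [
    {"name": "cisco_core", "vendor": "CISCO", "nas_ip": "192.0.2.10", "host_groups": ALL3},
    {"name": "juniper_edge", "vendor": "JUNIPER", "nas_ip": "2001:db8::1",
     "host_groups": {"root_level": 3, "viewer_level": 1}},
    {"name": "palo_fw", "vendor": "PALOALTO", "nas_ip": "2001:0db8:0:0:0:0:0:1",
     "host_groups": ALL3},
]

if __name__ == "__main__":
    for problem in validate_plan(PLAN):
        print(problem)
```
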