Manual Chapter : Creating a virtual server for RADIUS
Applies To:Show Versions
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Creating a virtual server for RADIUS
You should have an access profile configured.
You create a virtual server to handle traffic connecting to applications being authenticated using RADIUS.
An AAA server does not load-balance. Do not select a local traffic pool for this virtual server.
- On the Main tab, click.The Virtual Server List screen opens.
- ClickCreate.The New Virtual Server screen opens.
- In theNamefield, type a unique name for the virtual server, such asldap_proxyorea-ldap-vip.
- ForSource Address, selectHostand type the address, for example0.0.0.0/0.
- For theDestination Address/Masksetting, confirm that theHostbutton is selected, and type the IP address in CIDR format (address/prefix).The various virtual servers being used for ephemeral authentication (LDAP, LDAPS, and/or RADIUS) can all have the same Destination Address as long as they use different service ports.
- In theService Portfield, select port number1812.
- ForProtocol, selectUDP.
- ForProtocol Profile (Client), select a protocol profile (such asudp).
- ForSource Address Translation, selectAuto Map.
- In the Ephemeral Authentication section, forAccess Configuration, select the Access Configuration you created.
- ForRADIUS Authentication Configuration, select the you created.
- Optionally, under Resources, forDefault Pool, select the external RADIUS server to be used for bypass users.If you want certain users to bypass ephemeral authentication, the RADIUS virtual server works as a RADIUS proxy. In that case, the backend devices authenticate directly with an external RADIUS server.
The virtual server is created with the Ephemeral Access Configuration and the RADIUS Authentication Configuration associated with it.