RADIUS Server Group Options

Navigation Path

Objects > Object Management > RADIUS Server Group

Objects > Object Management > AAA Server > RADIUS Server Group

Choose and edit a configured RADIUS Server Group object or add a new one.

Fields

  • Name and Description—Enter a name and, optionally, a description to identify this RADIUS Server Group object.

  • Group Accounting Mode—The method for sending accounting messages to the RADIUS servers in the group. Choose Single (the default) to send accounting messages to a single server in the group, or Simultaneous to send accounting messages to all servers in the group simultaneously.

  • Retry Interval—The interval between attempts to contact the RADIUS servers. Values range from 1 to 10 seconds.

  • Realms (Optional)—Specify or select the Active Directory (AD) realm this RADIUS server group is associated with. This realm is then selected in identity policies to access the associated RADIUS server group when determining the VPN authentication identity source for a traffic flow. The realm effectively provides a bridge from the identity policy to this RADIUS server group. If no realm is associated with this RADIUS server group, the RADIUS server group cannot be reached to determine the VPN authentication identity source for a traffic flow in an identity policy.

  • Enable authorize only—If this RADIUS server group is not being used for authentication, but is being used for authorization or accounting, check this field to enable authorize-only mode for the RADIUS server group.

    Authorize-only mode removes the need to include the RADIUS server password in the Access-Request. The password configured for the individual RADIUS servers is therefore ignored.

  • Enable interim account update and Interval—Enables the generation of RADIUS interim-accounting-update messages in order to inform the RADIUS server of newly assigned IP addresses. Set the length, in hours, of the interval between periodic accounting updates in the Interval field. The valid range is 1 to 120 and the default value is 24.

  • Enable Dynamic Authorization and Port—Enables the RADIUS dynamic authorization or change of authorization (CoA) services for this RADIUS server group. Specify the listening port for RADIUS CoA requests in the Port field. The valid range is 1024 to 65535 and the default value is 1700. Once defined, the corresponding RADIUS server group is registered for CoA notification and listens on the port for CoA policy updates from the Cisco Identity Services Engine (ISE).

  • RADIUS Servers—See RADIUS Server Options.