External RADIUS Server
The External RADIUS Server screen displays information about External RADIUS Servers that are configured for UPAM to use for authentication. This screen is also used to create, edit, and delete an external server.
To access the External RADIUS Server screen, click on Network Access > UPAM NAC > External Source under the “Configure” section of the OmniVista Cirrus Menu.
Click on the External RADIUS Server tab shown on the External Source screen to access the External RADIUS Server List.
Creating an External RADIUS Server
To add an External RADIUS Server to UPAM, click on Create External RADIUS Server to open the Create External RADIUS Server screen. Complete the following sections of the form, then click Create RADIUS Server when you are finished.
Basic Information - Configure an External RADIUS Server name and related attributes to identify the server.
Is this a RadSec Server? - Enables or disables UPAM acting as a RadSec client when the External RADIUS Server is a RadSec server.
Advanced Information - Configure the timeout and retry values that UPAM will use to determine if a server is unreachable.
Shared Secret - Configure a shared key that UPAM will use to communicate with the External RADIUS Server.
Pre-emption - Enables or disables switching back to the primary External RADIUS Server at the end of a specified countdown timer value.
Basic Information
Server Name - Enter a name to identify the External RADIUS Server configuration.
Hostname/IP Address - Enter the hostname or IP address of the primary External RADIUS Server.
Backup Hostname/IP Address - Enter the hostname or IP address of a backup External RADIUS Server, if applicable. UPAM will attempt to use the backup server when the primary server is deemed unreachable.
If the External RADIUS Server uses RadSec to provide client authentication, make sure the IP address for the External RADIUS Server is a public IP address.
Is this a RadSec Server?
If the external RADIUS server uses RadSec (RADIUS-over-TLS), you can enable this option to allow UPAM to act as a RadSec client when communicating with the external RadSec server. By default, this option is disabled. When enabled, complete the following fields as described:
TLS Port - Enter the port number for the Transport Layer Security tunnel that will be used to pass RADIUS packets between the UPAM RadSec client and the external RadSec server. (Range = 1 - 65535, Default = 2083)
RadSec Certificate - Select an existing RadSec client certificate or click on Import Certificate to open the Create RadSec Certificate screen to import a new RadSec client certificate to use.
RadSec Trust CA - Select an existing RadSec Trust CA or click on Import Certificate to open the Add RadSec Trusted Authority screen and import a new RadSec Trust CA.
Advanced Information
Retries - Specify the number of times UPAM will attempt to reconnect to the External RADIUS Server after a connection timeout before concluding that the External RADIUS Server is unreachable. (Range = 1 – 3, Default = 3)
Timeout - Specify the amount of time, in seconds, that UPAM will attempt a connection to the External RADIUS Server before timing out. (Range = 1 – 30, Default = 5)
Authentication Port - Enter the TCP/UDP port used to perform authentication. (Range = 1 – 65535, Default = 1812)
Accounting Port - Enter the TCP/UDP port used to perform accounting. (Range = 1 – 65535, Default = 1813)
Note that the “Authentication Port” and “Accounting Port” options are not available if UPAM is acting as a RadSec client.
Shared Secret
Shared Secret - Specify the shared key that UPAM uses to communicate with the External RADIUS Server. (4 - 64 characters)
Confirm Secret - Re-enter to confirm the shared secret key. (4 - 64 characters)
Pre-emption
Pre-emption - Enables or disables going back to the primary External RADIUS Server. (Default = Disabled) When enabled:
Count-down Timer - Specify the amount of time to wait, in seconds, after a failover to the backup External RADIUS Server before attempting to go back to the primary External RADIUS Server. The countdown timer restarts on every switchover to the backup server. (Default = 600 seconds)
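The pre-emption behaviour described above, together with the Enabled/Disabled semantics given under External RADIUS Server List, can be modelled as a small state machine to see which server handles a request after a failover. This is an added example, not UPAM code: the names FailoverModel and replay and the timeline are constructed for illustration, and it assumes the count-down is evaluated when the next request arrives.

```python
from dataclasses import dataclass


@dataclass
class FailoverModel:
    """Illustrative model of the documented behaviour; not UPAM code."""
    preemption: bool = False   # page default: Disabled
    countdown: int = 600       # page default, in seconds
    active: str = "primary"
    switched_at: float = 0.0   # time of the last switchover to backup

    def server_for(self, now):
        """Server tried first for a request arriving at time `now`."""
        # Assumption: the count-down is checked when a request arrives.
        if (self.active == "backup" and self.preemption
                and now - self.switched_at >= self.countdown):
            self.active = "primary"      # count-down ended: go back
        return self.active

    def report_unreachable(self, now):
        """The active server exhausted its retries/timeout."""
        if self.active == "primary":
            self.active = "backup"
            self.switched_at = now       # timer restarts on every switchover
        else:
            self.active = "primary"      # backup timed out: go back


def replay(model, timeline):
    """Replay (time, set_of_down_servers) requests; return servers used."""
    used = []
    for now, down in timeline:
        server = model.server_for(now)
        if server in down:               # unreachable: fail over and resend
            model.report_unreachable(now)
            server = model.active
        used.append(server)
    return used


# Constructed timeline: primary is down at t=100, backup is down at t=800.
TIMELINE = [(0, set()), (100, {"primary"}), (400, set()),
            (700, set()), (800, {"backup"})]

if __name__ == "__main__":
    for enabled in (True, False):
        print(enabled, replay(FailoverModel(preemption=enabled), TIMELINE))
```

With pre-emption enabled the request at t=700 returns to the primary because 600 seconds have passed since the switchover; with it disabled the backup stays in use until it times out at t=800.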
Editing an External RADIUS Server
Select a server in the External RADIUS Server List and click on the Edit icon. The Edit External RADIUS Server screen opens, on which you can edit the fields as described above. When you are done making changes to the Server attributes, click on Save to return to the External RADIUS Server List.
Deleting an External RADIUS Server
Select a server in the External RADIUS Server List and click on the Delete icon under the “Actions” column or click on the Actions button and select Delete from the drop-down menu. When the following confirmation prompt appears, click on Delete to delete the profile.
External RADIUS Server List
The following information is displayed for each Server in the External RADIUS Server List:
Server Name - The name assigned to the Server configuration.
Hostname/IP Address - The hostname or IP address of the primary External RADIUS Server.
Backup Hostname/IP Address - The hostname or IP address of a backup External RADIUS Server, if applicable. UPAM will attempt to use the backup server when the primary server is deemed unreachable.
Authentication Port - The TCP/UDP port used to perform authentication.
Accounting Port - The TCP/UDP port used to perform accounting.
RadSec Server - Whether the external server is a RadSec server (Yes or No). If Yes, UPAM communicates with the external server as a RadSec client.
TLS Port - The port number for the Transport Layer Security tunnel that will be used to pass RADIUS packets between the UPAM RadSec client and the external RadSec server.
Pre-emption - Whether or not UPAM should go back to the primary External RADIUS Server at the end of a count-down timer. (Enabled = go back after count-down timer ends; Disabled = go back only when backup server times out).
Count-down Timer - When pre-emption is enabled, this value is the amount of time UPAM will wait, in seconds, after a failover to the backup External RADIUS Server before attempting to go back to the primary External RADIUS Server. The countdown timer restarts on every switchover to the backup server.
Created At - The date and time the External RADIUS Server configuration was created.