8
320 Nokia Network Voyager for IPSO 4.0 Reference Guide
4. Click the Control drop-down list and select required, requisite, sufficient, optional or
NOKIA-SERVER-AUTH-SUFFICIENT to determine the level of authentication to apply to
a profile. For more information, see “Profile Controls.”
5. Click Apply, and then click Save to make your changes permanent.
The name of the RADIUS authentication profile appears in the Auth. Profile table.
6. You must now configure one or more servers to use in a single authentication profile. In the
Auth. Profile table, click the Servers link in the row for the RADIUS authorization profile
you configured. This action takes you to the AAA RADIUS Authorization Servers
Configuration page.
7. In the RADIUS Servers for Auth. Profile table, enter a unique integer to indicate the priority
of the server in the Priority text box. There is no default. You must enter a value in the
Priority text box.
Note
You can configure multiple servers for a profile. The priority value determines which
server to try first. A smaller number indicates a higher priority.
8. Enter the IP address of the RADIUS server in the Host Address text box.
RADIUS supports only IPv4 addresses.
9. Enter the port number of the UDP port to contact on the server host in the Port # text box.
The default is 1812, which is specified by the RADIUS standard. The range is 1 to 65535.
Caution
Firewall software often blocks traffic on port 1812. To ensure that RADIUS packets are
not dropped, make sure that any firewalls between the RADIUS server and IPSO
devices are configured to allow traffic on UDP port 1812.
10. Enter the shared secret used to authenticate the authorization profile between the RADIUS
server and the local client in the Secret text box.
You must also configure this same value on your RADIUS server. Enter a text string without
a backslash.
For more information see RFC 2865. The RFC recommends that the shared secret be at least
16 characters long. Some RADIUS servers limit the shared secret to 15 or 16 characters.
Consult the documentation for your RADIUS server.
11. (Optional) Enter the number of seconds to wait for a response after contacting the server in
the Timeout text box.
Depending on your client configuration, if the client does not receive a response, it retries
the same server or attempts to contact another server. The default value is 3.
12. (Optional) Enter the maximum number of times to attempt to contact the server in the Max
Tries text box.