AudioCodes Mediant 4000 SBC User Manual page 230

sending RADIUS requests to the redundant RADIUS server even if the primary server
returns to service later on. However, if a device reset occurs or a switchover occurs in a
High-Availability (HA) system, the device sends RADIUS requests to the primary RADIUS
server. By default, the device waits for up to two seconds (i.e., timeout) for a response from
the RADIUS server for RADIUS requests and retransmission before it considers the server
as down.
For each RADIUS server, the IP address, port, and shared secret can be configured. Each
RADIUS server can be defined for RADIUS-based login authentication and/or RADIUS-
based accounting. By setting the relevant port (authentication or accounting) to "0" disables
the corresponding functionality. If both ports are configured, the RADIUS server is used for
authentication and accounting. All servers configured with non-zero Authorization ports
form an Authorization redundancy group and the device sends authorization requests to
one of them, depending on their availability. All servers configured with non-zero
Accounting ports form an Accounting redundancy group and the device sends accounting
CDRs to one of them, depending on their availability. Below are example configurations:

Only one RADIUS server is configured and used for authorization and accounting
purposes (no redundancy). Therefore, both the Authorization and Accounting ports are
defined.

Three RADIUS servers are configured:
•
Two servers are used for authorization purposes only, providing redundancy.
Therefore, only the Authorization ports are defined, while the Accounting ports
are set to 0.
•
One server is used for accounting purposes only (i.e., no redundancy). Therefore,
only the Accounting port is defined, while the Authorization port is set to 0.

Two RADIUS servers are configured and used for authorization and accounting
purposes, providing redundancy. Therefore, both the Authorization and Accounting
ports are defined.
The status of the RADIUS severs can be viewed through CLI:
# show system radius servers status
The example below shows the status of two RADIUS servers in redundancy mode for
authorization and accounting:
servers 0
ip-address 10.4.4.203
auth-port 1812
auth-ha-state "ACTIVE"
acc-port 1813
acc-ha-state "ACTIVE"
servers 1
ip-address 10.4.4.202
auth-port 1812
auth-ha-state "STANDBY"
acc-port 1813
acc-ha-state "STANDBY"
Where auth-ha-state and acc-ha-state display the authentication and accounting
redundancy status respectively. "ACTIVE" means that the server was used for the last sent
authentication or accounting request; "STANDBY" means that the server was not used in
the last sent request.
The following procedure describes how to configure a RADIUS server through the Web
interface. You can also configure it through ini file (RadiusServers) or CLI configure system
> radius servers).
User's Manual 230
Mediant 4000 SBC
Document #: LTRT-40203