Adding an Alternative RADIUS Server is not Possible in the Command Line Interface.

Article Id: 170115

Status: Published

Updated On: 03-12-2017 11:02

Legacy Id: TECH247521

Products:

Advanced Secure Gateway Software - ASG , ProxySG Software - SGOS

Issue/Introduction:

It is not possible to add an alternate RADIUS Server to an existing Realm via the CLI. The command output is "ok" but the server cannot be seen when using the "view" command nor by viewing the realm through the Management Console.

The command that fails to enter a new RADIUS alternate server is as follows:

alternate-server secret s3cr3t 1.2.3.4 1812

Cause:

It is not possible to change both the secret and the host port of the alternate server at the same time.

Resolution:

The changes to host:port must be separate from the change in the RADIUS secret. This can be done by following these steps:

Via the Management Console:

• Navigate to "Management Console > Configuration > Authentication > RADIUS > Radius Servers > Change Secret under the Alternate Server section > [Enter the Secret twice]"
• Type in the IP and port number of the server under the Alternate Server section > Apply

Via the Command Line Interface (CLI):

• Enter the following commands:

      enable
      configure terminal
      security radius edit-realm realmname
      alternate-server secret s3cr3t
      alternate-server 1.2.3.4 1812
      view

Note: The "view" output should now contain the alternate server we've just added.