Adding an Alternative RADIUS Server is not Possible in the Command Line Interface.

book

Article ID: 170115

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

It is not possible to add an alternate RADIUS Server to an existing Realm via the CLI. The command output is "ok" but the server cannot be seen when using the "view" command nor by viewing the realm through the Management Console.

The command that fails to enter a new RADIUS alternate server is as follows:

alternate-server secret s3cr3t 1.2.3.4 1812

Cause


It is not possible to change both the secret and the host port of the alternate server at the same time.

Resolution


The changes to host:port must be separate from the change in the RADIUS secret. This can be done by following these steps:

Via the Management Console:

• Navigate to "Management Console > Configuration > Authentication > RADIUS > Radius Servers > Change Secret under the Alternate Server section > [Enter the Secret twice]"
• Type in the IP and port number of the server under the Alternate Server section > Apply

Via the Command Line Interface (CLI):

• Enter the following commands:

      enable
      configure terminal
      security radius edit-realm realmname
      alternate-server secret s3cr3t
      alternate-server 1.2.3.4 1812
      view

Note: The "view" output should now contain the alternate server we've just added.