Radius Server Agent Configuration

Owned by Kevin Wu
Last updated: Jan 03, 2024
3 min read

You open the Radius Server agent configuration dialog from a workflow configuration. To open the Radius Server agent configuration, click  Build → New Configuration. Select Workflow from the Configurations dialog. When prompted to Select workflow type, select Realtime. Click Add agent and select Radius Server from the Collection tab of the Agent Selection dialog.

NAS Tab

The list on the NAS tab can be dynamically updated.

The Radius Server agent configuration dialog - NAS tab

In the NAS tab, all NASes that the agent collects information from, are specified.

Setting

Description

Setting

Description

Host Address

The IP address or hostname that the NAS, sending packets, is located on.

Secret Key

Key used for authentication of a received packet. This key must be identical to the one defined in the NAS.



If you are defining the NAS you can define them per workflow instances using the Workflow Table tab in Workflow Properties. By using the Workflow Table tab to set the property Additional Hosts to Default or Per Workflow.

You will need to follow a particular json format to define the servers. This format also applies when using External References.

[{"host":"<host>", "secret":"<password>"}]

The Radius Server Additional Hosts property with value - Workflow Instances

Miscellaneous Tab

The Radius Server agent configuration dialog - Miscellaneous tab

Setting

Description

Setting

Description

Port

The port number where the Radius Server agent will listen for packets from the NAS(es).

Note!

Since the NASes will be configured to communicate with a specific host on this port, it is important that the workflow containing the Radius Server agent is configured to execute on the associated EC for that host.

Two Radius agents may not be configured to listen on the same port, on the same host.



PDU Lifetime (millisec)

If set to a value larger than 0 (zero), duplicate check is activated. The buffer saved for comparison is the packets collected during the set time frame.

Skip MD5 Calculation

If enabled, the check for MD5 signatures is excluded. This is necessary if the Radius client does not send MD5 signatures along with the packets, in which case they would be discarded by the Radius Server agent.

Note!

When  Skip MD5 Calculation is enabled, the authenticator field in all response messages will be 0 (zero).



Duplicate Check

Checking for duplicate packets can be made based on:

  • Radius Standard - the identifier within the packet (byte number 2).

  • CRC32 - check sum for the complete packet.

When a duplicate is detected, it is silently thrown away (no message is logged) and the Radius agent responds as if a normal packet was received.

Error Handling

Select an Error Route to ensure that all rejected packets are routed into the workflow using this route. This is optional.