Configuring IKEv2 with LANconfig / Extended settings
Parent topic: Extended settings

RADIUS accounting

In the RADIUS accounting section you configure the settings for the RADIUS server used for VPN client accounting.

The Update cycle field is used to set the time in seconds between two successive interim-update messages. The device randomly inserts a tolerance of ±10% to keep the update messages of parallel accounting sessions separate from one another.

Just click on RADIUS server to open the configuration dialog of the RADIUS server.





Name
Specify an identifier for this entry.
Server address
Specify the host name for the RADIUS server (IPv4, IPv6 or DNS address).
Port
Specify the UDP port of the RADIUS server. The value "1813" is preset as the default value.
Secret
This entry contains the shared secret used to authorize the LANCOM gateway at the RADIUS server.
Note: Confirm the secret by entering it again into the field that follows.
Protocols
From the drop-down menu, choose between the standard RADIUS protocol and the secure RADSEC protocol for RADIUS requests.
Source address (optional)
Enter the loopback address of the device, where applicable.
Attribute values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication and accounting). The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding value in the following form: <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2> As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\). The following variables are permitted as values:
%n
Device name
%e
Serial number of the device
%%
Percent sign
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Backup profile
From the list of RADIUS server profiles, select a profile as the backup server.
Note: The RADIUS server configured is selected in the connection list under VPN > IKEv2/IPSec > Connection list in the RADIUS acc. server field.
Parent topic: Extended settings

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo