Manual Pages


Table of Contents

NAME

radius - Manages RADIUS client protocol and components.

SYNOPSIS

radius add [-d] <hostname> | <ip_addr> [-p <port number>]

radius remove <hostname> | <ip_addr> [-p <port number>]

radius show

radius start

radius stats [-z]

radius status

radius stop

DESCRIPTION

RADIUS (Remote Authentication Dial In User Service) is a networking protocol that uses access servers to provide centralized management of access to large networks.

Using the RADIUS client service in ONTAP, the iSCSI target can access the RADIUS server for centralized CHAP secrets management and user authentication using an industry standard protocol.

The radius command manages the RADIUS client service on a storage system.

Using the radius command, you can start and stop the RADIUS client service, add or remove RADIUS servers, display the RADIUS configuration, and dump RADIUS statistics.

USAGE

radius add [-d] <hostname> | <ip_addr> [-p <port number>]

Adds a RADIUS server to the client service using the hostname or IP address of the RADIUS server. Enter the ip_addr in dotted quad format.

Use the -d option to specify the new configured RADIUS server as the default RADIUS server.

If you do not use the port number argument, the default port number 1812 is used.

radius remove <hostname> | <ip_addr> [-p <port number>]

Removes a RADIUS server from the client service using the hostname or IP address of the RADIUS server. Enter the ip_addr in dotted quad format.

If you do not use the port_number argument, the default port number 1812 is used.

radius start

Starts the RADIUS client service if it is not already running.

radius stop

Stops the RADIUS client service if it is running; this aborts any active RADIUS authentication requests.

radius status

Displays the current status of the RADIUS client service.

radius show

Displays information about the RADIUS client service.

radius stats [-z]

Displays or zeroes the RADIUS client statistics.

The -z option zeroes the statistics.

HA CONSIDERATIONS

Each storage system in an HA pair operates as an independent RADIUS client service with its own configuration. During a cf takeover, the storage system that takes over assumes the RADIUS client identity of the failed storage system, including its configurations.

VFILER CONSIDERATIONS

When run from a vfiler context (for example via the vfiler run command), radius subcommands operate on the concerned vfiler except for the radius stats subcommand. The statistics displayed apply to the entire physical storage system and not to individual vfilers.

EXAMPLES

Starts and stops the RADIUS client service:
    FAS> radius start
    RADIUS client service started

    FAS> radius stop
    RADIUS client service stopped

Displays the information about the RADIUS client service:

    FAS> radius show
    RADIUS client service is running

    Default RADIUS server : IP_Addr=10.60.155.58  UDPPort=1820

    Backup RADIUS server 0: IP_Addr=10.60.155.58  UDPPort=1812

    Backup RADIUS server 1: IP_Addr=10.60.155.4  UDPPort=1812

Displays current RADIUS client statistics:

    FAS> radius stats
    RADIUS client statistics
      RADIUS current queued requests:    12
      RADIUS authentication requests:    1343
      RADIUS authentication denied:      32
      RADIUS access-accept received:     1323
      RADIUS access-reject received:     32
      RADIUS access-challenges received: 0
      RADIUS unknown packets received:   3
      RADIUS access-request rexmits:     2
      RADIUS access-request noanswer:    0
      RADIUS unknown server:             0
      RADIUS late reply received:        0
      RADIUS short packets received:     0

Adds a RADIUS server to the configuration:

    FAS> radius add -d 10.60.155.58 -p 1812

Removes a RADIUS server from the configuration:

    FAS> radius remove 10.60.155.58 -p 1812

SEE ALSO

na_vfiler(1), na_iscsi(1)


Table of Contents