/system/vrfs/{VRF.name}/radius_servers/{Radius_Server.address},{Radius_Server.port},{Radius_Server.port_type}

patch

https://switch-ip/rest/v10.16/system/vrfs/{VRF.name}/radius_servers/{Radius_Server.address},{Radius_Server.port},{Radius_Server.port_type}

Path Params

VRF.name

string

required

Reference Resource: VRF
VRF identifier. Should be alphanumeric. VRF names must be unique.

Radius_Server.address

string

required

Reference Resource: Radius_Server
IPV4/IPV6 address or FQDN of the RADIUS server.

Radius_Server.port

string

required

Reference Resource: Radius_Server
Specifies the port number for authentication.

Radius_Server.port_type

string

enum

required

Reference Resource: Radius_Server
Specifies the type of port (tcp/udp) for authentication.

Allowed:

Body Params

accounting_udp_port

integer

1 to 65535

UDP port to be used for the communication to RADIUS accounting.

auth_type

string

enum

Specifies the server specific authentication method (pap/chap) to be used. If not set, the globally configured authentication method (pap/chap) will be used.

Allowed:

clearpass

object

Clearpass specific configuration.

ipsec_ah

object

IPSec Authentication Header configuration. If both AH and ESP are configured, then ESP will be ignored and AH will be used. If both System level and Radius_Server AH configuration is provided then Radius_Server configuration will be used for the specific Radius server.

ipsec_esp

object

IPSec Encapsulating Security Protocol configuration. If both AH and ESP are configured, then ESP will be ignored and AH will be used. If both System level and Radius_Server ESP configuration is provided then Radius_Server configuration will be used for the specific Radius server.

msg_authenticator_check

boolean

Specifies whether Message-Authenticator attribute must be presented in Radius Server Responses.

passkey

string

Specifies the passkey between RADIUS client and RADIUS server for authentication. If not set, the globally configured passkey will be used.

port_access

string

enum

Configures the message type sent in RadSec sessions created for port-access authentication for keeping the session active 'status-server' : status-server messages are sent for keeping the session active. 'keep-alive' : keep-alive messages are be sent for keeping the session active

Allowed:

retries

integer

0 to 5

Specifies the server specific number of retries to the RADIUS server if there is no response. If not set, the globally configured retries will be used.

server_group

object

Reference Resource: AAA_Server_Group
Key specifies the RADIUS server-group that it belongs to. It would belong to a family group 'radius' group and the user defined AAA server group Value specifies the priority of the RADIUS server in the associated AAA server group. A server with lower priority in a server group is reached out first. Servers with equal priority in a group will be reached out as follows: Those belonging to VRF where vrf_name appears alphabetically earlier than the others are reached out first. If that's a tie, servers with address appearing alphabetically earlier than the others is reached out first. If that too is a tie, servers with smaller UDP port are reached out first.

timeout

integer

1 to 60

Specifies the server specific timeout between authentication requests to the RADIUS server. If not set, the globally configured timeout will be used.

tls_initial_connection_timeout

integer

5 to 300

RADIUS over TLS initial connection timeout value in seconds. If not specified, the globally configured initial connection timeout value will be used.

tracking_enable

boolean

Specifies whether tracking should be enabled on this server.

tracking_method

string

enum

Configures the tracking method used for tracking server reacchability. Tracking method configuration is applicable only when tracking is enabled for the server. 'status-server' : status-server messages are sent for server tracking. 'keep-alive' : keep-alive messages are sent for server tracking. 'access-request' : access-request messages are sent for server tracking

Allowed:

tracking_mode

string

enum

Specifies the tracking mode to be set for this server and is only applicable when tracking is enabled for this server. 'any' : Server reachability is monitored regardless of whether the server was responsive or non-responsive to prior RADIUS client requests. 'dead-only' : Server reachability is monitored only if it is deemed dead (based on non-responsiveness for RADIUS client requests sent to this server earlier).

Allowed:

Responses

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Response

Click Try It! to start a request and see the response here!