Radius Server¶
Overview¶
This document describes the API to configure AAA Radius server and their properties in BIG-IQ.
REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/radius¶
Requests¶
GET /mgmt/cm/access/working-config/apm/aaa/radius/<id>¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
mode | string | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | An arbitrary IP address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | A string to identify the NAS that originates the access request. |
retries | number | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | The name of the object.. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | A Reference to the device. |
name | string | The device name. Typically, it’s the device’s host name. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group |
link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | Yes |
Service_Catalog_Viewer | Yes |
Service_Catalog_Editor | Yes |
Trust_Discovery_Import | Yes |
Access_View | Yes |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | Yes |
Application_Viewer | Yes |
Trust_Discovery_Import | Yes |
Access_Deploy | Yes |
Access_Policy_Editor | Yes |
POST /mgmt/cm/access/working-config/apm/aaa/radius¶
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
mode | string | False | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | True | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | True | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | True | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | True | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | True | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | False | A string to identify the NAS that originates the access request. |
retries | number | True | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | False | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | False | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | True | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | True | The name of the object.. |
partition | string | True | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | A Reference to the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
link | string | False | URI link of the reference. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
mode | string | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | A string to identify the NAS that originates the access request. |
retries | number | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | The name of the object.. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | A Reference to the device. |
name | string | The device name. Typically, it’s the device’s host name. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group |
link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Trust_Discovery_Import | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PUT /mgmt/cm/access/working-config/apm/aaa/radius/<id>¶
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
mode | string | False | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | True | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | True | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | False | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | False | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | False | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | False | A string to identify the NAS that originates the access request. |
retries | number | False | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | False | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | False | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | False | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | False | The name of the object.. |
partition | string | False | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | A Reference to the device. |
name | string | False | The device name. Typically, it’s the device’s host name. |
machineId | string | False | The machine ID of the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
name | string | False | Name of the device group |
link | string | False | URI link of the reference. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
mode | string | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | A string to identify the NAS that originates the access request. |
retries | number | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | The name of the object.. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | A Reference to the device. |
name | string | The device name. Typically, it’s the device’s host name. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group |
link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Trust_Discovery_Import | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PATCH /mgmt/cm/access/working-config/apm/aaa/radius/<id>¶
Request Parameters¶
Name | Type | Required | Description |
---|---|---|---|
usePool | string | True | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | True | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | False | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | False | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | False | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | False | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | False | A string to identify the NAS that originates the access request. |
retries | number | False | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | False | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | False | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | False | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
mode | string | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | A string to identify the NAS that originates the access request. |
retries | number | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | A Reference to the device. |
name | string | The device name. Typically, it’s the device’s host name. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group |
link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Trust_Discovery_Import | No |
Access_Deploy | No |
Access_Policy_Editor | No |
DELETE /mgmt/cm/access/working-config/apm/aaa/radius/<id>¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
mode | string | There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously. |
usePool | string | Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users. |
authPort | number | The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both. |
acctPort | number | The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both. |
address | string | The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled. |
secret | string | The shared secret password for your RADIUS AAA server. |
nasIpAddress | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIpv6Address | string | An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client. |
nasIdentifier | string | A string to identify the NAS that originates the access request. |
retries | number | The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3. |
radiusCharset | string | Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified. |
serviceType | string | The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only. |
timeout | number | The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5 |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | A Reference to the device. |
name | string | The device name. Typically, it’s the device’s host name. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group |
link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions¶
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Trust_Discovery_Import | No |
Access_Deploy | No |
Access_Policy_Editor | No |
Examples¶
Get AAA Radius Server¶
GET /mgmt/cm/access/working-config/apm/aaa/radius/<id>
Response¶
HTTP/1.1 200 OK
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Create New AAA Radius Server¶
POST /mgmt/cm/access/working-config/apm/aaa/radius
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
}
}
Response¶
HTTP/1.1 200 OK
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Edit AAA Radius Server¶
PUT /mgmt/cm/access/working-config/apm/aaa/radius/<id>
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Response¶
HTTP/1.1 200 OK
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Edit AAA Radius Server¶
PATCH /mgmt/cm/access/working-config/apm/aaa/radius/<id>
{
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"isLsoShared": false,
}
Response¶
HTTP/1.1 200 OK
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Delete AAA Radius Server¶
DELETE /mgmt/cm/access/working-config/apm/aaa/radius/<id>
Response¶
HTTP/1.1 200 OK
{
"mode": "auth",
"usePool": "disabled",
"authPort": 1813,
"acctPort": 1812,
"address": "1.1.1.1",
"secret": "secret",
"nasIpAddress": "1.1.1.1",
"nasIpv6Address": "1:1:1:1:1:1:1:1",
"nasIdentifier": "SSID-2",
"retries": 3,
"radiusCharset": "cp1252",
"serviceType": "default",
"timeout": 5,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}