Radius Server

Overview

This document describes the API to configure AAA Radius server and their properties in BIG-IQ.

REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/radius

Requests

GET /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
mode string There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string The shared secret password for your RADIUS AAA server.
nasIpAddress string An arbitrary IP address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string A string to identify the NAS that originates the access request.
retries number The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string The name of the object..
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference A Reference to the device.
     name string The device name. Typically, it’s the device’s host name.
     machineId string The machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group
     link string URI link of the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Application_Editor Yes
Service_Catalog_Viewer Yes
Service_Catalog_Editor Yes
Trust_Discovery_Import Yes
Access_View Yes
Access_Edit Yes
Access_Manager Yes
Application_Manager Yes
Application_Viewer Yes
Trust_Discovery_Import Yes
Access_Deploy Yes
Access_Policy_Editor Yes

POST /mgmt/cm/access/working-config/apm/aaa/radius

Request Parameters

Name Type Required Description
mode string False There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string True Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number True The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number True The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string True The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string True The shared secret password for your RADIUS AAA server.
nasIpAddress string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string False A string to identify the NAS that originates the access request.
retries number True The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string False Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string False The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number True The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string True The name of the object..
partition string True The BIG-IP partition where the object should be placed.
subPath string False The BIG-IP partition where the object should be placed.
lsoDeviceReference reference False A Reference to the device.
     link string False URI link of the reference.
isLsoShared boolean True Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     link string False URI link of the reference.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
mode string There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string The shared secret password for your RADIUS AAA server.
nasIpAddress string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string A string to identify the NAS that originates the access request.
retries number The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string The name of the object..
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference A Reference to the device.
     name string The device name. Typically, it’s the device’s host name.
     machineId string The machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group
     link string URI link of the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import No
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

PUT /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Request Parameters

Name Type Required Description
mode string False There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string True Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number True The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number False The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string False The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string False The shared secret password for your RADIUS AAA server.
nasIpAddress string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string False A string to identify the NAS that originates the access request.
retries number False The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string False Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string False The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number False The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string False The name of the object..
partition string False The BIG-IP partition where the object should be placed.
subPath string False The BIG-IP partition where the object should be placed.
lsoDeviceReference reference False A Reference to the device.
     name string False The device name. Typically, it’s the device’s host name.
     machineId string False The machine ID of the device.
     link string False URI link of the reference.
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     name string False Name of the device group
     link string False URI link of the reference.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
mode string There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string The shared secret password for your RADIUS AAA server.
nasIpAddress string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string A string to identify the NAS that originates the access request.
retries number The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string The name of the object..
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference A Reference to the device.
     name string The device name. Typically, it’s the device’s host name.
     machineId string The machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group
     link string URI link of the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import No
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

PATCH /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Request Parameters

Name Type Required Description
usePool string True Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number True The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number False The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string False The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string False The shared secret password for your RADIUS AAA server.
nasIpAddress string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string False An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string False A string to identify the NAS that originates the access request.
retries number False The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string False Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string False The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number False The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
mode string There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string The shared secret password for your RADIUS AAA server.
nasIpAddress string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string A string to identify the NAS that originates the access request.
retries number The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference A Reference to the device.
     name string The device name. Typically, it’s the device’s host name.
     machineId string The machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group
     link string URI link of the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import No
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

DELETE /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
mode string There are three modes: Authentication (auth)- Specifies that the system performs only RADIUS authentication; select this mode to authenticate your users through a RADIUS server. Accounting (acct) - Specifies that the system performs only RADIUS accounting; select this mode to pass accounting information about your users to the external RADIUS accounting server. Authentication and Accounting (both) - Specifies that the system performs both RADIUS authentication and RADIUS accounting simultaneously.
usePool string Specify RADIUS servers for APM to authenticate users. Use Pool to create a high availability configuration. Direct - Select to specify one RADIUS server for APM to authenticate users.
authPort number The port number for the authentication service on your RADIUS server. The default value of the authentication service port is 1813. The port value is required if the mode is authentication or both.
acctPort number The port number for the accounting service on your RADIUS server. The default value of the accounting service port is 1812. The port value is required if the mode is accounting or both.
address string The IP address of your RADIUS authorization or accounting server. The IP address is required if the UsePool option is enabled.
secret string The shared secret password for your RADIUS AAA server.
nasIpAddress string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIpv6Address string An arbitrary IPv6 address as RADIUS attribute 4, NAS-IP-Address, without changing the source IP address in the IP header of the RADIUS packets. This property is useful when you use a cluster of NAS to be recognized as a single RADIUS client.
nasIdentifier string A string to identify the NAS that originates the access request.
retries number The number of times the BIG-IP system tries to make a connection to the RADIUS AAA server after the first attempt fails. The default value is 3.
radiusCharset string Character encoding used for the user name and password. The Windows-1252 APM RADIUS Auth agent decodes the user name and password into CP-1252 before sending it to the RADIUS server. This is the default setting. UTF-8 APM RADIUS Auth agent sends the user name and password to the RADIUS server unmodified.
serviceType string The type of service you use on the RADIUS server. Service types are specific to your RADIUS implementation. If you select Default, the service type is set to Authenticate Only.
timeout number The number of seconds to wait for a response from the RADIUS AAA server before timing out. The default value is 5
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference A Reference to the device.
     name string The device name. Typically, it’s the device’s host name.
     machineId string The machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group
     link string URI link of the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import No
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

Examples

Get AAA Radius Server

GET /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Response

HTTP/1.1 200 OK
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "kind": "cm:access:working-config:apm:aaa:state",
    "selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"

}

Create New AAA Radius Server

POST /mgmt/cm/access/working-config/apm/aaa/radius
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    }
}

Response

HTTP/1.1 200 OK
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
        },
        "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}

Edit AAA Radius Server

PUT /mgmt/cm/access/working-config/apm/aaa/radius/<id>
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
        },
        "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}

Response

HTTP/1.1 200 OK
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
        },
        "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}

Edit AAA Radius Server

PATCH /mgmt/cm/access/working-config/apm/aaa/radius/<id>
{
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "isLsoShared": false,
}

Response

HTTP/1.1 200 OK
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
        },
        "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}

Delete AAA Radius Server

DELETE /mgmt/cm/access/working-config/apm/aaa/radius/<id>

Response

HTTP/1.1 200 OK
{
    "mode": "auth",
    "usePool": "disabled",
    "authPort": 1813,
    "acctPort": 1812,
    "address": "1.1.1.1",
    "secret": "secret",
    "nasIpAddress": "1.1.1.1",
    "nasIpv6Address": "1:1:1:1:1:1:1:1",
    "nasIdentifier": "SSID-2",
    "retries": 3,
    "radiusCharset": "cp1252",
    "serviceType": "default",
    "timeout": 5,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
        },
        "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}