`radius-server host tls time-window plus-or-minus-time-window`

Syntax

radius-server host <IP-ADDR | FQDN> tls time-window plus-or-minus-time-window
no radius-server host<IP-ADDR | FQDN> time-window plus-or-minus-time-window

Description

Enables replay protection for dynamic authorization messages and sets the minus-or-plus-time-window. Default is positive-time-window.

The no form the command disables replay protection.

Command context

config

Parameters

IP-ADDR: Specifies server IPv4 address.
FQDN: Specifies server FQDN.

Usage

Messages from the server must contain an event time stamp attribute, which differs from the current time by not more than the (+/-) specified number of seconds. Messages with the time stamp value outside the configured time window are considered invalid and ignored. Setting the time window disables the replay of the dynamic authorization messages.

Example

switch(config)# radius-server host 10.2.97.10 time-window
 <0-65535>             The window size in seconds.
 positive-time-window  Sets the current acceptable time-window as default (+)
                       time-window value for dynamic authorization messages.
 plus-or-minus-time-window Sets the current acceptable time-window as (+/-)
                       time-window value for dynamic authorization messages.