radius-server host tls time-window positive-time-window

Syntax

radius-server host <IP-ADDR | FQDN> tls time-window positive-time-window
no radius-server host <IP-ADDR | FQDN> tls time-window positive-time-window

Description

Configures replay protection for dynamic authorization messages. The default window type is positive.

The no form of the command disables replay protection.

Command context

config

Parameters

IP-ADDR

Specifies the server IPv4 address.

FQDN

Specifies the server FQDN.

Usage

When replay protection is enabled and positive-time-window is set, messages from the server must contain a time stamp attribute, and the time stamp value must not differ from the current time by more than the specified number of seconds. Messages with a time stamp value outside the valid window are considered stale and are ignored. Setting the time window to zero disables replay protection.
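
The check described above, sketched in Python as an added example (not the switch's implementation and not part of the original command reference). It assumes the time stamp attribute is RADIUS Event-Timestamp (type 55), that "positive" accepts only time stamps up to the window size in the past, and that plus-or-minus accepts either direction; build_coa is a hypothetical helper that constructs sample packets.

```python
import struct

EVENT_TIMESTAMP = 55                      # RADIUS Event-Timestamp attribute (RFC 2869)
DISCONNECT_REQUEST, COA_REQUEST = 40, 43  # RFC 5176 dynamic authorization codes


def event_timestamp(packet: bytes):
    """Return the Event-Timestamp (epoch seconds) of a RADIUS packet, or None."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        raise ValueError("not a dynamic authorization request")
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                              # attributes follow the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == EVENT_TIMESTAMP:
            if alen != 6:
                raise ValueError("Event-Timestamp must carry 4 bytes")
            return struct.unpack("!I", packet[pos + 2:pos + 6])[0]
        pos += alen
    return None


def accept(packet: bytes, now: int, window: int, plus_or_minus: bool = False) -> bool:
    """Apply the time-window rule; False means the message is stale and ignored."""
    if window == 0:                       # zero disables replay protection
        return True
    stamp = event_timestamp(packet)
    if stamp is None:                     # protection on: a time stamp is required
        return False
    age = now - stamp                     # > 0: stamp in the past, < 0: in the future
    if plus_or_minus:
        return abs(age) <= window
    return 0 <= age <= window             # ASSUMPTION: "positive" means past only


def build_coa(stamp):
    """Constructed sample: CoA-Request with User-Name and optional Event-Timestamp."""
    attrs = bytes([1, 5]) + b"bob"
    if stamp is not None:
        attrs += bytes([EVENT_TIMESTAMP, 6]) + struct.pack("!I", stamp)
    return struct.pack("!BBH", COA_REQUEST, 7, 20 + len(attrs)) + bytes(16) + attrs
```

Because the decision depends on the difference between the message time stamp and the local clock, clock drift between the switch and the RADIUS server larger than the window causes legitimate messages to be ignored.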

Example

switch(config)# radius-server host 10.2.97.10 tls time-window
 <0-65535>             The window size in seconds.
 positive-time-window  Sets the current acceptable time-window as default (+)
                       time-window value for dynamic authorization messages.
 plus-or-minus-time-window Sets the current acceptable time-window as (+/-)
                       time-window value for dynamic authorization messages.