beautypg.com

Configure the radius server – Siemens se5880 User Manual

Page 31

background image

SIEMENS se5880 Ethernet Security Router
User’s Guide

Chapter 4 User Setup

User Management

SIEMENS

25

Configure the Radius Server

Remote Authentication Dial In User Service (RADIUS) is client-server based access control and authentication

feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS

Server applications.

The client is responsible for passing user information to designated RADIUS servers, then acting on the
returned response.

RADIUS servers are responsible for receiving user connection requests, authenticating the user, then
returning all configuration information necessary for the client to deliver service to the user.

Transactions between the client and server are authenticated through the use of a shared secret, which is

never sent over the network. In addition, any user passwords are sent encrypted between the client and

RADIUS server to further secure account passwords.

When the router is configured to use RADIUS, a user attempting to login presents authentication information

(Username and Password) to the router. Upon receipt, the router’s RADIUS Client creates an “access-request”

containing username, the user's password, and method being used to access the system. The password is

hidden using a method based on the RSA Message Digest Algorithm MD5 [3].

The access request is submitted to the RADIUS server via the network. If no response is returned within a

length of time, the request is re-sent a specified number of times. The router’s RADIUS client can also forward

requests to a secondary server in the event that the primary server is down or unreachable.

Once the RADIUS server receives the request, it validates the RADIUS client that sent the request. A request

from a client for which the RADIUS server does not have a shared secret is discarded. If the client is valid, the

RADIUS server consults a database of users to find the user whose name matches the request. The user entry

in the database contains the required elements for authentication including the username, password, access

and management privileges.

To configure the RADIUS Server:

1. Click Configure Radius Server on the left navigation pane of the User Management page. This displays

the Radius Server Configuration page.

2. In Timeout, enter the number of seconds to between retry attempts when the Radius Server cannot be

reached.

3. In Retry, enter the number of times the Radius Server should be contacted before attempting to connect to

the secondary server.

4. For Primary and optionally Secondary servers, provide the IP Address, Port, and Secret for accessing

the Radius Server. The Secret is used to authenticate requests between servers.