beautypg.com

Netopia R910 User Manual

Page 153

background image

Security 13-153

hostname to be resolved using the Domain Name System (DNS) information configured in the router, or by
using an IP address in dotted-quad notation. The RADIUS Ser ver Addr/Name items are limited to 63
characters.

In addition to specifying the ser ver’s hostname or IP address, you must also specify a RADIUS Server
Secret and an Alt RADIUS Server Secret (if configured) known to both the router and the RADIUS ser ver.
The secret is used to encr ypt RADIUS transactions in transit. The RADIUS Ser ver Secret items are limited
to 31 characters.

The router’s RADIUS client implementation suppor ts passwords longer than 16 characters and properly
encr ypts such passwords per RFC 2138. Not all RADIUS ser ver implementations handle passwords longer
than 16 characters.

RADIUS Identifier can be either an IP address or an arbitrar y string to be used as the identifier in the
router’s outgoing Access-Request packets. The RADIUS identifier is limited to 63 characters.

RADIUS Server Authentication Port specifies the UDP destination por t to which the router’s RADIUS
authentication requests will be sent. The default value is 1812, the official IANA assigned UDP por t
number for the RADIUS authentication ser vice.

Note: Cer tain security-related configuration changes cause the router to display a warning aler t. Choosing
either Local then RADIUS or RADIUS then Local from the Security Databases pop-up menu when there are no
configured username/password pairs causes the router to present the following warning aler t:

Attempting to delete the last non-URG username/password pair from the local authentication database when
the Security Databases pop-up menu is set to either “Local then RADIUS” or “RADIUS then Local” causes the
router to present the following warning aler t:

Advanced Security Options
+---------------------------------------------------------------+
+---------------------------------------------------------------+
| |
| You have no local passwords defined. If you continue you will |
| be unable to configure this device unless a Radius Server is |
| available to authenticate you. |
| |
| CONTINUE CANCEL |
| |
+---------------------------------------------------------------+