Radius authentication features in web os, Radius authentication features in web os 104 – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

104

n

Chapter 5: Secure Switch Management

212777-A, February 2002

RADIUS Authentication Features in Web OS

The following Radius Authentication features are supported in Web OS:

n

Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and
2866.

n

Enables/disables support of RADIUS authentication and authorization.

The default disables the use of RADIUS for authentication and authorization.

n

Allows RADIUS secret password up to 32 bytes and less than 16 octets.

n

Supports secondary authentication server so that when the primary authentication server
is unreachable, the switch can send client authentication requests to the secondary authen-
tication server.

Use the

/cfg/sys/radius/cur

command to show the currently active RADIUS

authentication server.

n

Supports user-configurable RADIUS server retry and time-out values.

The parameters are:

o

Time-out value = 1-10 seconds

o

Retries = 1-3

The switch will time out if it does not receive a response from the RADIUS server in 1-3
retries. The switch will also automatically retry connecting to the RADIUS server before it
declares the server down.

n

Supports user-configurable RADIUS application port.

The default is 1645/UDP based on RFC 2138. Port 1812 is also supported.

n

Allows network administrator to define privileges for one or more specific users to access
the switch at the RADIUS user database.

n

SecurID is supported if the RADIUS server can do an ACE/Server client proxy. The pass-
word is the PIN number, plus the token code of the SecurID card.