
Radius client support, Overview, Purpose of radius – Avaya 580 User Manual


Document No. 10-300077, Issue 2


Security

RADIUS Client Support

Overview

Purpose of RADIUS

In a network with many Avaya switches, configuring user accounts on each
of the switches can be time-consuming. You can centralize the user accounts
by using a Remote Authentication Dial-In User Service (RADIUS) server.

RADIUS is a service that authenticates users when they attempt to log in to
a Network Access Device (NAD) such as an Avaya switch. RADIUS
typically runs on a Windows or Linux server; however, it can run on other
platforms as well depending on the vendor.

* Note: RADIUS supports a maximum of 27 characters for user names.
If you use a RADIUS server to authenticate users, their switch
user names must not exceed 27 characters, regardless of the
31-character maximum of the P580 and P882.

Authentication Process

RADIUS uses a client/server architecture in which each device that uses the
RADIUS server is a RADIUS client. The client sends Access-Request
messages to the RADIUS server. These messages include the user name, the
encrypted password, and optional parameters depending on configuration.

* Important: The RADIUS Client and Server must be configured
with the exact same parameters.

Once the RADIUS server receives the Access-Request message, it searches
its database for the user account. If the server finds the account, the
password is correct, and the optional parameters match, the server sends an
Access-Accept message to the RADIUS client. The Access-Accept
message indicates that the user account exists, the password is correct, and
the user has a certain access type (for example, administrative or read-only).
If the RADIUS server does not find the account or the password is
incorrect, then the server sends an Access-Reject message to the RADIUS
client.
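
The exchange described above, as an added example that is not part of the Avaya manual or the switch firmware. It assumes the standard RFC 2865 packet layout and User-Password hiding, and that the RADIUS shared secret is among the parameters that must match on both sides; all function names and sample values are hypothetical.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
MAX_USER_NAME = 27                                       # limit from the manual's note

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, password, secret, request_auth=None):
    """Client side: the Access-Request a NAD sends for a login attempt."""
    if len(user) > MAX_USER_NAME:
        raise ValueError("user name exceeds 27 characters")
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(USER_NAME, user.encode()) + _attr(
        USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_reply(code, request, secret, attrs=b""):
    """Server side: reply whose authenticator binds it to the request and secret."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs

def classify_reply(reply, request, secret):
    """Client side: verify the reply, then return 'accept' or 'reject'."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("response authenticator mismatch (different shared secret?)")
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        raise ValueError("unexpected packet code")
    return "accept" if code == ACCESS_ACCEPT else "reject"
```

A reply built with a different secret fails verification in classify_reply, which is why a client and server whose settings differ cannot complete a login even when the account and password are valid.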

* Note: Due to an interoperability issue, the P580 and P882 RADIUS
client does not accept Access-Accept messages from Windows
2000 RADIUS servers, which generate the Generate-Class-Attribute.
To resolve this issue, obtain Windows 2000 service
pack 3 or later. After installing the latest service pack, set the
Generate-Class-Attribute field to FALSE.
