Radius commands – Avaya P334T-ML User Manual

Chapter 8 User Authentication

Avaya P334T-ML User’s Guide

49

to the switch's embedded management.
The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard
(RFC 2138) client/server security protocol. Security and login information is stored
in a central location known as the RADIUS server. RADIUS clients, such as the P330,
communicate with the RADIUS server to authenticate users.
All transactions between the RADIUS client and server are authenticated through
the use of a “shared secret” which is not sent over the network. The shared secret is
an authentication password configured on both the RADIUS client and its RADIUS
servers. The shared secret is stored as clear text in the client’s file on the RADIUS
server, and in the non-volatile memory of the P330. In addition, user passwords are
sent between the client and server are encrypted for increased security.
Figure 8.2 illustrates the RADIUS authentication procedure:

Figure 8.2

RADIUS Authentication Procedure

Radius Commands

User attempts login

Local User

account

authenticated in

switch?

Perform log-in according

to user's priviliege level

to switch

Yes

Authentication

request sent to

RADIUS Server

No

User name and

password

authenticated?

Yes

Authentication Reject

sent to switch

User cannot access switch

embedded managegment

No