RADIUS Client Configuration – CANOGA PERKINS 9145E NID Software Version 3.0 User Manual
9145E NID Software User’s Manual
System Configuration
3.6 RADIUS Client Configuration
RADIUS (Remote Authentication Dial-In User Service) is supported for user
authentication.
RADIUS allows user interface accounts to be maintained and authenticated
by a RADIUS server. The RADIUS server also maintains user account information:
AccessFrom - Where the account can be used.
AccessLevel - The security access level for the user.
Description - The account description.
LogoutUser - Whether or not the user can be forcefully logged out.
When a user enters a username and password and RADIUS has been configured, the username
and password are sent to the RADIUS server and validated there. If they are valid, the RADIUS
server sends an accept message along with the above account information, and the 9145E
RADIUS client allows the user in with this configuration.
The RADIUS server may send a reject message, in which case the user is not logged in. The
RADIUS server may also send a challenge message if it has been configured to do so. In that
case the user is prompted for additional authentication information, after which the RADIUS
server sends an accept or reject message.
This is the RADIUS client configuration:
Up to two RADIUS servers can be configured. The RADIUS server that is consulted is
determined by the server priority. The server with the lowest priority number is consulted first. If it
does not respond, then the other RADIUS server is consulted (if configured). If both servers are
configured with the same priority then a round-robin access is used; first one RADIUS server will
be consulted and the next request will be sent to the other RADIUS server first. The server
priorities are relative. That is, you could configure one server with priority 10 and the other with
20. The values of the numbers do not matter, just the relative values of the numbers (in this case
10 being less than 20). This is done to allow you to easily change the server priorities without
having to edit both entries. If you had configured the servers with 10 and 20, you could make the
server with 20 have higher priority simply by changing its priority to 5; no need to change the one
with 10.
1. RADIUS Client Mode: Options: RADIUS then Local, Local then RADIUS, or None
2. RADIUS then Local means that when a user tries to log in, the username and password are
passed to the configured Primary RADIUS Server first for authentication. If there is no
connectivity to the Primary RADIUS Server, the RADIUS Client attempts to authenticate
the login request on the Secondary RADIUS Server. If there is no connectivity to the
Secondary RADIUS Server, the 9145E can then use the local database.
3. Local then RADIUS means that when a user tries to log in, the local user accounts
database is consulted first to try to authenticate the user. If the user cannot be authenticated
by the local accounts database, then the RADIUS Server is consulted to authenticate the
user.
4. None means that the RADIUS server is never used and all user access is authenticated by
the local user accounts database.
5. RADIUS Server IP Address: The IP address of the RADIUS server. If 0.0.0.0 then this
server configuration will not be used.
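The server selection and fallback order described in this section, modeled as an added Python example (not Canoga Perkins code or device firmware). The class, method and mode names, the `query` callback and the 192.0.2.x addresses are constructed for illustration; the model assumes that a reject from a server that responds is final, and it omits challenge handling.

```python
import hmac

DISABLED = "0.0.0.0"  # per the manual, a server entry with this address is not used

class RadiusClientModel:
    """Model of section 3.6 as described in the text; not device firmware."""
    def __init__(self, mode, servers, local_users):
        self.mode = mode  # "radius_then_local", "local_then_radius" or "none"
        self.servers = [s for s in servers if s["ip"] != DISABLED]
        self.local_users = local_users  # constructed name -> password table
        self._turn = 0  # alternates the first server when priorities tie

    def server_order(self):
        order = sorted(self.servers, key=lambda s: s["priority"])  # lowest first
        if len(order) == 2 and order[0]["priority"] == order[1]["priority"]:
            if self._turn % 2:  # round-robin: swap on every second request
                order.reverse()
            self._turn += 1
        return order

    def _radius(self, user, pw, query):
        tried = []
        for server in self.server_order():
            tried.append(server["ip"])
            reply = query(server["ip"], user, pw)  # "accept", "reject" or None
            if reply is not None:  # any answer ends the search
                return reply, tried
        return None, tried  # no server responded

    def _local(self, user, pw):
        stored = self.local_users.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), pw.encode())

    def login(self, user, pw, query):
        """Return (decision, servers_tried); decision is radius, local or denied."""
        if self.mode != "radius_then_local":
            if self._local(user, pw):
                return "local", []
            if self.mode == "none":
                return "denied", []
        reply, tried = self._radius(user, pw, query)
        if reply == "accept":
            return "radius", tried
        # Assumption: a reject is final; local is a fallback only for no response.
        if reply is None and self.mode == "radius_then_local" and self._local(user, pw):
            return "local", tried
        return "denied", tried

# Constructed sample configuration (documentation addresses, RFC 5737).
SAMPLE_SERVERS = [{"ip": "192.0.2.10", "priority": 10}, {"ip": "192.0.2.20", "priority": 20}]
```

Under this model, in RADIUS then Local mode the local database decides a login only when no configured server answers, so local accounts on the device remain a working login path whenever the RADIUS servers are unreachable.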