Radius a – Cabletron Systems CSX1000 User Manual
Page 182
USER’S GUIDE
182 CyberSWITCH
RADIUS A
UTHENTICATION
S
ERVER
C
ONFIGURATION
E
LEMENTS
IP A
DDRESS
The IP address in dotted decimal notation for the RADIUS Server. This information is required for
the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a
Secondary RADIUS Server is configured, it must have a different IP address than the Primary
RADIUS Server.
S
HARED
S
ECRET
The shared secret can be 1 to 16 characters in length. Any ASCII character may be used. The same
shared secret is configured on the CyberSWITCH and the RADIUS Server. It is used for security
purposes. As opposed to a password, a shared secret is not sent across lines, and therefore is not
susceptible to interception. Instead, a calculation is done on the packets transmitted between the
two devices, and the results are compared to the shared secret for validation. The shared secret
between the CyberSWITCH and the selected server secures the access to both devices. Both devices
must know the shared secret before any exchange of information can take place. If the calculation’s
results do not match the shared secret, the connection is terminated.
The RADIUS maintains a list of all the system’s services, which includes an entry for each System’s
IP address and associated shared secret.
UDP P
ORT
N
UMBER
The UDP port number used by the RADIUS Server. This information is required for the Primary
RADIUS Server, and also required if a Secondary RADIUS Server is configured. The default value
of 1645 is almost always used.
N
UMBER
OF
A
CCESS
R
EQUEST
R
ETRIES
The number of Access Request Retries that the system will send to the RADIUS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
T
IME
BETWEEN
A
CCESS
R
EQUEST
R
ETRIES
The time between Access Request Retries sent from the system. The initial default value is 1. The
acceptable range is from 1 to 10,000.
RADIUS A
UTHENTICATION
S
ERVER
B
ACKGROUND
I
NFORMATION
If you require a central database for device authentication (capable of servicing several
CyberSWITCHes), you can use an industry standard authentication server. The Remote
Authentication Dial-In User Service (RADIUS) serves this purpose for both device level and device
level security on the CyberSWITCH. The RADIUS Server can also be used to authenticate an
administrative session.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
The following is a typical scenario if the RADIUS Server is activated: when a remote device needs
to be authenticated, the system will send an access request to the primary RADIUS Server. After
the configured time interval the system will send an access request retry if the primary server does
not respond. After the configured number of retries, the system will request authentication