Radius a – Enterasys Networks CSX6000 User Manual
Page 211
Central Site Remote Access Switch 211
C
ONFIGURING
O
FF
-
NODE
S
ERVER
I
NFORMATION
RADIUS Server
U
SING
M
ANAGE
M
ODE
C
OMMANDS
radius
Displays the current RADIUS server configuration data.
radius change
Allows you to change the current RADIUS server configuration data. After entering the
radius change
command, you will be prompted for the configuration elements you want to
change.
RADIUS A
UTHENTICATION
S
ERVER
C
ONFIGURATION
E
LEMENTS
IP A
DDRESS
The IP address in dotted decimal notation for the RADIUS Server. This information is required for
the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a
Secondary RADIUS Server is configured, it must have a different IP address than the Primary
RADIUS Server.
S
HARED
S
ECRET
The shared secret can be 1 to 16 characters in length. Any ASCII character may be used. The same
shared secret is configured on the CyberSWITCH and the RADIUS Server. It is used for security
purposes. As opposed to a password, a shared secret is not sent across lines, and therefore is not
susceptible to interception. Instead, a calculation is done on the packets transmitted between the
two devices, and the results are compared to the shared secret for validation. The shared secret
between the CyberSWITCH and the selected server secures the access to both devices. Both devices
must know the shared secret before any exchange of information can take place. If the calculation’s
results do not match the shared secret, the connection is terminated.
The RADIUS server maintains a list of all the system’s services, which includes an entry for each
System’s IP address and associated shared secret.
UDP P
ORT
N
UMBER
The UDP port number used by the RADIUS Server. This information is required for the Primary
RADIUS Server, and also required if a Secondary RADIUS Server is configured. The default value
of 1645 is almost always used.
N
UMBER
OF
A
CCESS
R
EQUEST
R
ETRIES
The number of Access Request Retries that the system will send to the RADIUS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
T
IME
BETWEEN
A
CCESS
R
EQUEST
R
ETRIES
The time between Access Request Retries sent from the system. The initial default value is 1. The
acceptable range is from 1 to 10,000.
RADIUS A
UTHENTICATION
S
ERVER
B
ACKGROUND
I
NFORMATION
If you require a central database for device authentication (capable of servicing several
CyberSWITCHes), you can use an industry standard authentication server. The Remote
Authentication Dial-In User Service (RADIUS) serves this purpose for both device level and user
level security on the CyberSWITCH. The RADIUS Server can also be used to authenticate an
administrative session.