RSA Security 6.1 manual Authentication, Radius Ports

Page 20

The RSA Authentication Manager software views the RSA RADIUS Server service as a host agent. Communication between RSA RADIUS Server and RSA Authentication Manager uses specific UDP ports, which are configured during installation. To prevent “masquerading” by unauthorized hosts, you configure RSA Authentication Manager with the IP addresses of each RSA RADIUS Server host. Before RSA Authentication Manager accepts an authentication request, it verifies that the source address contained in the request matches an authorized host agent.

RADIUS Ports

The RADIUS standard initially used UDP ports 1645 and 1646 for RADIUS authentication and accounting packets. The RADIUS standards group later changed the port assignments to 1812 and 1813, but many organizations continue using the old 1645 and 1646 port numbers for RADIUS.

Any two devices that exchange RADIUS packets must use compatible UDP port numbers. If you are configuring a RAS to exchange authentication packets with a RADIUS server, you must find out which port the server uses to receive authentication packets from its clients (1812, for example). You must then configure the RAS to send authentication packets on the same port (1812). The same is true for RADIUS accounting.

RSA RADIUS Server can listen on multiple ports. For compatibility, the server listens to the old and new default RADIUS ports: ports 1645 and 1812 for authentication, and ports 1646 and 1813 for accounting.

Authentication

Table 1 describes the conditions under which each type of RADIUS authentication message is issued, and the purpose of any RADIUS attributes the message contains.

Table 1. RADIUS Authentication Messages and Attributes

Message Conditions

Purpose of Message Attributes

When a RAS receives a connection request from a user, the RAS authenticates the request by sending an Access-Request to its RADIUS server.

Identify the user.

Describe the type of connection the user is trying to establish.

8

About RSA RADIUS Server

September 2005

Image 20

Contents RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index What’s In This Manual About This GuideAudience Syntax Conventions Related Documentation RSA Radius Server DocumentationVendor Information Requests for Comments RFCsBefore You Call for Customer Support Getting Support and ServiceThird-Party Products RSA Radius Server Features About RSA Radius ServerRSA Radius Server Overview About RSA Radius Server SeptemberRSA Radius Authentication Radius Packets Radius Client Configuration Radius ConfigurationRadius Server Configuration Shared Secrets RadiusNode Secret Radius SecretReplication Secret Authentication Radius PortsAccounting Accounting Sequence Comma-Delimited Log FilesTunneled Accounting Attributes DictionariesVendor-Specific Attributes Make/Model FieldUpdating Attribute Information Checklist AttributesAttribute Lists Multi-Valued Attributes Attribute ValuesReturn List Attributes Default Values Orderable AttributesSystem Assigned Values Echo PropertyCentralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius ServerRecovering a Replica After a Failed Download Changing the Name or IP Address of a ServerInstalling the RSA Radius Server Before You BeginRequired Files Data Migration/RegistrationInstalling on Windows System RequirementsInstalling the RSA Radius Server If you are installing a Replica RSA Radius Server, clickUninstalling the RSA Radius Server Software Installing on Solaris Installer SyntaxPath Installing the RSA Radius Server Software ReppkgEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System RequirementsShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius AdministratorFile Menu Navigating in RSA Radius AdministratorRSA Radius Administrator Menus See , Administering Radius Clients on Panel MenuHelp Menu RSA Radius Administrator ToolbarWeb Menu RSA Radius Administrator Windows Adding an EntryEditing an Entry Sample Add WindowCutting/Copying/Pasting Records Sample Edit WindowUsing Context Menus Resizing ColumnsChanging Column Sequence Sorting InformationAdding a License Key Accessing Online HelpDisplaying Version Information Exiting the RSA Radius Administrator Add a License for Server WindowAdministering Radius Clients Radius Clients PanelAdding a Radius Client Add Radius Client WindowSecret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September About Profiles Administering ProfilesAdding a Checklist or Return List Attribute for a Profile Default Profile Resolving Profile and User AttributesSetting Up Profiles Adding a ProfileClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting StatisticsAccounting Statistic Meaning Resetting Server Statistics Displaying Radius Client StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server ManuallyAdd Server Window Enabling a Radius Server Deleting a Radius ServerPublishing Server Configuration Information Notifying Replica Radius ServersRecovering a Replica After a Failed Download Designating a New Primary Radius ServerChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Files Using the Radius System LogLogging Level of Logging Detail Controlling Log File SizeUsing the Accounting Log Accounting Log File FormatFirst Line Headings Comma PlaceholdersStandard Radius Accounting Attributes Acct-Status-TypeAcct-Input-Packets Ldap Configuration Interface File P e n d i x aAbout the Ldap Configuration Interface Ldap UtilitiesLdap Requests Downloading the Ldap UtilitiesConfiguring the Ldap TCP Port Ldap Version ComplianceLdap Virtual Schema Available AttributesLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for RecordsModifying Records Ldapmodify Option MeaningWhere Adding Records Deleting Records Stattype server Statistics VariablesCounter Statistics Stattype authentication Stattype accountingRate Statistics Using the Ldap Configuration Interface September Glossary AAADNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode