Siemens 5890 manual Configure the Radius Server

Page 40

SIEMENS 5890 DSL Router

Chapter 4 User Setup

User’s Guide

User Management

 

 

Configure the Radius Server

Remote Authentication Dial In User Service (RADIUS) is client-server based access control and authentication feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS Server applications.

The client is responsible for passing user information to designated RADIUS servers, then acting on the returned response.

RADIUS servers are responsible for receiving user connection requests, authenticating the user, then returning all configuration information necessary for the client to deliver service to the user.

Transactions between the client and server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to further secure account passwords.

When the router is configured to use RADIUS, a user attempting to login presents authentication information (Username and Password) to the router. Upon receipt, the router’s RADIUS Client creates an “access-request” containing username, the user's password, and method being used to access the system. The password is hidden using a method based on the RSA Message Digest Algorithm MD5 [3].

The access request is submitted to the RADIUS server via the network. If no response is returned within a length of time, the request is re-sent a specified number of times. The router’s RADIUS client can also forward requests to a secondary server in the event that the primary server is down or unreachable.

Once the RADIUS server receives the request, it validates the RADIUS client that sent the request. A request from a client for which the RADIUS server does not have a shared secret is discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user entry in the database contains the required elements for authentication including the username, password, access and management privileges.

To configure the RADIUS Server:

1.Click Configure Radius Server on the left navigation pane of the User Management page. This displays the Radius Server Configuration page.

2.In Timeout, enter the number of seconds to between retry attempts when the Radius Server cannot be reached.

3.In Retry, enter the number of times the Radius Server should be contacted before attempting to connect to the secondary server.

4.For Primary and optionally Secondary servers, provide the IP Address, Port, and Secret for accessing the Radius Server. The Secret is used to authenticate requests between servers.

SIEMENS

34

Image 40
Contents 5890 Software License and Limited Warranty Software LicenseGeneral Provisions Table of Contents Advanced Setup User SetupSecurity Setup Monitoring Router Front Panel Back PanelHardware Specifications Software Specifications PPP RFC 1661, RFC Frame RelaySecurity Package Contents Installation RequirementsPC Requirements Network Service Provider Requirements Hardware Installation PC Configuration Windows 98/MEWindows NT Select TCP/IP Protocol from the Network Protocols listWindows Windows XP Mac OS Mac OSX Linux Configuring the Router Establish ConnectionRouter Information To do this Refer toAccess Easy Setup Wizard Select ProtocolIP Routing Enabled Bridging EnabledPoint-to-Point Protocol over ATM VC Multiplexing NAT Enabled Block Net Bios TrafficPoint-to-Point Protocol over ATM LLC Encapsulation NAT Enabled RFC 1483 Multiprotocol Encapsulation LLC/SNAP RFC 1483 VC Multiplexing Routed Point-to-Point Protocol over Ethernet over RFC1483 RFC 1483 MAC Encapsulated Routing MER RAW IP Dynamic Host Configuration Protocol Local Area Network Configuration User Setup User ManagementAdding/Modifying a User Account Deleting a User Account User Lookup LocalRadius NoneTrusted Secure Mode ConfigurationUntrusted Configure the Radius Server Configure the TacPlus Server Management Classes Class Functional AreasChange Password Access Control No access restrictionsClick Save and Reboot Telnet WebAdvanced Setup WAN Selection Sdsl ATM or Sdsl Frame RelayRemote File Configuration DMZ DMZ Router Clock Dhcp Dhcp Weighted Fair Queuing Differentiated Services FrameworkQoS Configure QoS policies Configure QoS Policy Siemens To the end Reorder QoS PoliciesBefore policy Routing Table Configuration Dial Backup Click Enable Dial BackupATM Traffic Shaping Constant Bit Rate Real-Time Variable Bit RateNon Real-Time Variable Bit Rate Unspecified Bit RateSwitch Management Switch Mirror Configuration Switch Age Time Command Line Interface File Editor Security Setup NAT NAT Server Configuration NAT Host Mapping Default DisablePort Number Snmp IP Filter Click Add IP RangeSnmp Password Enter the New Password and New Password againSecure Shell Key GeneratorConfigure SSH Load Keys Key Generator Firewall Scripts Stateful Firewall Firewall RulesConfigure Stateful Firewall View Dropped Packets Configure Firewall Rules Protocol/Port ApplicationDelete Firewall Rules IKE/IPSec Configuration Easy IKE/IPSec Setup Advanced IKE/IPSec Setup IKE PeersIKE Peers Definition IKE Proposals Definition IKE IPSec Proposals Definition Siemens IKE IPSec Policies Definition Siemens VPN Log On Monitoring Router System SummaryEthernet Interface Information Remote Connection InformationIP Routing Information System InformationDiagnostics PPPoE SessionInterface Information ATM StatisticsRouting Table Information Files InformationList All Configuration Data Memory UsageTCP/IP Statistics