Siemens 5935, 5930 manual Configure the Radius Server

Page 40

SIEMENS 5930/5935 Business Gateway

Chapter 4 User Setup

User’s Guide

User Management

 

 

Configure the Radius Server

Remote Authentication Dial In User Service (RADIUS) is client-server based access control and authentication feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS Server applications.

The client is responsible for passing user information to designated RADIUS servers, then acting on the returned response.

RADIUS servers are responsible for receiving user connection requests, authenticating the user, then returning all configuration information necessary for the client to deliver service to the user.

Transactions between the client and server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to further secure account passwords.

When the router is configured to use RADIUS, a user attempting to login presents authentication information (Username and Password) to the router. Upon receipt, the router’s RADIUS Client creates an “access-request” containing username, the user's password, and method being used to access the system. The password is hidden using a method based on the RSA Message Digest Algorithm MD5 [3].

The access request is submitted to the RADIUS server via the network. If no response is returned within a length of time, the request is re-sent a specified number of times. The router’s RADIUS client can also forward requests to a secondary server in the event that the primary server is down or unreachable.

Once the RADIUS server receives the request, it validates the RADIUS client that sent the request. A request from a client for which the RADIUS server does not have a shared secret is discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user entry in the database contains the required elements for authentication including the username, password, access and management privileges.

To configure the RADIUS Server:

1.Click Configure Radius Server on the left navigation pane of the User Management page. This displays the Radius Server Configuration page.

2.In Timeout, enter the number of seconds to between retry attempts when the Radius Server cannot be reached.

3.In Retry, enter the number of times the Radius Server should be contacted before attempting to connect to the secondary server.

4.For Primary and optionally Secondary servers, provide the IP Address, Port, and Secret for accessing the Radius Server. The Secret is used to authenticate requests between servers.

SIEMENS

34

Page 39 Page 41
Image 40
Page 39 Page 41
Contents 5930/5935 Software License and Limited Warranty Software LicenseGeneral Provisions Table of Contents Installation Easy SetupUser Setup Advanced SetupSecurity Setup Monitoring RouterFront Panel for Back Panel forHardware Specifications for Software Specifications for PPP RFC SecurityFront Panel for Hardware Specifications for Software Specifications for IP Address Translation Package Contents Installation RequirementsPC Requirements Network Service Provider Requirements Hardware Installation PC Configuration Windows 98/MEWindows NT Select TCP/IP Protocol from the Network Protocols listWindows Windows XP Mac OS Mac OSX Linux Configuring the Router Establish ConnectionRouter Information To do this Refer toAccess Easy Setup Wizard Select ProtocolBridging Enabled IP Routing EnabledNAT Enabled Block Net Bios TrafficPoint-to-Point Protocol over Ethernet over PPPoA Point-to-Point Protocol over Ethernet over RFC1483 RFC RFC 1483 MAC Encapsulated Routing MER Dynamic Host Configuration Protocol Local Area Network Configuration User Setup User ManagementAdding/Modifying a User Account Deleting a User Account User Lookup LocalRadius NoneTrusted Secure Mode ConfigurationUntrusted Configure the Radius Server Configure the TacPlus Server Management Classes Class Functional AreasChange Password Access Control No access restrictionsClick Save and Reboot Telnet WebAdvanced Setup Router Clock Dhcp QoS Configure QoS Policy Siemens To the end Reorder QoS PoliciesBefore policy Routing Table Configuration Dial Backup Click Enable Dial BackupInternal Modem External Modem Switch Management Switch Mirror Configuration Switch Age Time ATM Traffic Shaping Constant Bit Rate Real-Time Variable Bit RateNon Real-Time Variable Bit Rate Unspecified Bit RateCommand Line Interface Security Setup NAT Default DisablePort Number Snmp Password Enter the New Password and New Password againSnmp IP Filter Click Add IP RangeSecure Shell Key GeneratorConfigure SSH Load Keys Key Generator Firewall Scripts Stateful Firewall Firewall RulesConfigure Stateful Firewall View Dropped Packets Configure Firewall Rules Protocol/Port ApplicationDelete Firewall Rules IKE/IPSec Configuration Easy IKE/IPSec Setup Advanced IKE/IPSec Setup IKE PeersIKE Peers Definition IKE Proposals Definition IKE IPSec Proposals Definition Siemens IKE IPSec Policies Definition Siemens VPN Log On Monitoring Router System SummaryEthernet Interface Information Remote Connection InformationIP Routing Information System InformationDiagnostics PPPoE SessionInterface Information ATM StatisticsRouting Table Information Files InformationList All Configuration Data Memory UsageTCP/IP Statistics
Top Page Image Contents