ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL

2.4 authenticate

Select and configure authentication methods for dial-in clients

Syntax

authenticate add server host[:port]
authenticate delete server host
authenticate method {radius securid local}
authenticate retry count
authenticate show [securid]
authenticate test user-id
authenticate timeout value_in_seconds

Description

The authenticate command allows you to specify which authentication method to use for dial-in clients, and to manipulate the server database for non-local authentication methods. Modem ports can be selected to support dial-in clients or to provide LAN-to-LAN services, but not both. Modem ports selected to provide LAN-to-LAN service use the authentication method specified using the PPP command (PAP, CHAP, SCHAP or none).

Subcommands and parameters

authenticate add server host[:port]

Authenticate add server is only available when the authentication method selected is RADIUS. Use authenticate add server to add a server to the list of RADIUS servers that are consulted when the Router verifies a dial-in client’s name and password. If a port is not specified, the default RADIUS port of 1645 is used. The host can be specified as a hostname (e.g. buffet@rns.com) or as an IP address in dotted-quad notation (e.g. 131.143.16.45).

authenticate delete server host

Authenticate delete server is only available when the authentication method selected is RADIUS. Use authenticate delete server to delete a server from the list of RADIUS servers that are consulted when the Router verifies a dial-in client’s name and password. The host can be specified as a hostname (e.g. buffet@rns.com) or as an IP address in dotted-quad notation (e.g. 131.143.16.45).

authenticate method {radius securid local}

Use authenticate method to select or change the authentication method used when the Router verifies a dial-in client’s name and password. The local option enables the Router to use the Router’s client database when authenticating dial-in clients.

authenticate retry count

Use authenticate retry to specify the number of times that a client can attempt to log in, using a name and password. The default number of attempts allowed is 3. This retry number only affects login attempts prior to the start of the PPP protocol, and does not have any effect on the number of attempts allowed during PAP and CHAP authentication. If you are using RADIUS or the local password file (Router), you must also specify which PPP authentication protocol will be used. Use the ppp command:

ppp iface lcp local authentication [ chap pap none allow [on off] ]
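
The rules above can be checked mechanically before a command list is typed into the Router. The following is an added example, not code from the manual or the vendor: it replays a list of CLI lines in order and reports server commands issued while the method is not RADIUS, applies the default port of 1645, and flags a RADIUS or local setup with no PPP authentication protocol. The second server address, port 1812 and the interface name used in testing are constructed, and treating line order as significant is an assumption.

```python
# Added example, not vendor code: checks CLI lines against the rules in 2.4.
DEFAULT_RADIUS_PORT = 1645            # default stated in the manual
METHODS = {"radius", "securid", "local"}
PPP_AUTH = {"chap", "pap", "none", "allow"}

def parse_server(arg):
    """Split host[:port], applying the default port when none is given."""
    host, sep, port = arg.partition(":")
    if not host:
        raise ValueError(f"empty host in {arg!r}")
    if not sep:
        return host, DEFAULT_RADIUS_PORT
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {arg!r}")
    return host, int(port)

def audit(lines):
    """Return (servers, findings) after replaying the lines in order."""
    method, servers, findings, ppp_set = None, {}, [], False
    for n, line in enumerate(lines, 1):
        w = line.split()
        if w[:2] == ["authenticate", "method"] and len(w) == 3:
            if w[2] in METHODS:
                method = w[2]
            else:
                findings.append(f"line {n}: unknown method {w[2]!r}")
        elif (w[:1] == ["authenticate"] and w[2:3] == ["server"]
              and len(w) == 4 and w[1] in ("add", "delete")):
            if method != "radius":      # assumption: order of lines matters
                findings.append(f"line {n}: {w[1]} server requires method radius")
            elif w[1] == "delete":
                servers.pop(w[3], None)
            else:
                try:
                    host, port = parse_server(w[3])
                    servers[host] = port
                except ValueError as e:
                    findings.append(f"line {n}: {e}")
        elif w[:1] == ["ppp"] and w[2:5] == ["lcp", "local", "authentication"]:
            ppp_set = len(w) > 5 and w[5] in PPP_AUTH
    if method in ("radius", "local") and not ppp_set:
        findings.append("no PPP authentication protocol specified")
    return servers, findings

# Constructed sample; 131.143.16.46 and port 1812 are made up.
SAMPLE = ["authenticate add server 131.143.16.45", "authenticate method radius",
          "authenticate add server 131.143.16.45",
          "authenticate add server 131.143.16.46:1812", "authenticate retry 3"]
if __name__ == "__main__":
    print(audit(SAMPLE))
```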

authenticate show [securid]

Black Box LRS002A-R2, LRA005A-R2, LRA001A-R2 manual Authenticate, 159, Subcommands and parameters