Manuals / Cabletron Systems / Computer Equipment / Switch

Cabletron Systems CSX1000, CSX1200 manual Radius Authentication Server Configuration Elements

Models: CSX1000 CSX1200

1 644
Download 644 pages 26.85 Kb
Page 182
Image 182

USER’S GUIDE

RADIUS AUTHENTICATION SERVER CONFIGURATION ELEMENTS

IP ADDRESS

The IP address in dotted decimal notation for the RADIUS Server. This information is required for the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a Secondary RADIUS Server is configured, it must have a different IP address than the Primary RADIUS Server.

SHARED SECRET

The shared secret can be 1 to 16 characters in length. Any ASCII character may be used. The same shared secret is configured on the CyberSWITCH and the RADIUS Server. It is used for security purposes. As opposed to a password, a shared secret is not sent across lines, and therefore is not susceptible to interception. Instead, a calculation is done on the packets transmitted between the two devices, and the results are compared to the shared secret for validation. The shared secret between the CyberSWITCH and the selected server secures the access to both devices. Both devices must know the shared secret before any exchange of information can take place. If the calculation’s results do not match the shared secret, the connection is terminated.

The RADIUS maintains a list of all the system’s services, which includes an entry for each System’s IP address and associated shared secret.

UDP PORT NUMBER

The UDP port number used by the RADIUS Server. This information is required for the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. The default value of 1645 is almost always used.

NUMBER OF ACCESS REQUEST RETRIES

The number of Access Request Retries that the system will send to the RADIUS Server. The initial default value is 3. The acceptable range is from 0 to 32,767.

TIME BETWEEN ACCESS REQUEST RETRIES

The time between Access Request Retries sent from the system. The initial default value is 1. The acceptable range is from 1 to 10,000.

RADIUS AUTHENTICATION SERVER BACKGROUND INFORMATION

If you require a central database for device authentication (capable of servicing several CyberSWITCHes), you can use an industry standard authentication server. The Remote Authentication Dial-In User Service (RADIUS) serves this purpose for both device level and device level security on the CyberSWITCH. The RADIUS Server can also be used to authenticate an administrative session.

The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the CyberSWITCH. RADIUS operates using two components: an authentication server and client protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server, ultimately authenticating devices.

The following is a typical scenario if the RADIUS Server is activated: when a remote device needs to be authenticated, the system will send an access request to the primary RADIUS Server. After the configured time interval the system will send an access request retry if the primary server does not respond. After the configured number of retries, the system will request authentication

182 CyberSWITCH

Page 181 Page 183
Page 182
Image 182
Cabletron Systems CSX1000, CSX1200 manual Radius Authentication Server Configuration Elements
Page 181 Page 183