RADIUS Commands 701
32
RADIUS Commands
Managing and determining the validity of users in a large network can be
significantly simplified by making use of a single database of accessible
information supplied by an Authentication Server. These servers commonly
use the Remote Authentication Dial In User Service (RADIUS) protocol as
defined by RFC 2865.
RADIUS permits access to a user’s authentication and configuration
information contained on the server only when requests are received from a
client that shares an encrypted secret with the server. This secret is never
transmitted over the network in an attempt to maintain a secure
environment. Any requests from clients that are not appropriately configured
with the secret or access from unauthorized devices are silently discarded by
the server.
RADIUS conforms to a client/server model with secure communications
using UDP as a transport protocol. It is extremely flexible, supporting a
variety of methods to authenticate and statistically track users. It is very
extensible allowing for new methods of authentication to be added without
disrupting existing network functionality.
PowerConnect supports a RADIUS client in conformance with RFC 2865 and
accounting functions in conformance with RFC2866. The RADIUS client
will apply user policies under control of the RADIUS server, e.g. password
lockout or login time of day restrictions. The RADIUS client supports up to
32 named authentication and accounting servers.
Table32-1below indicates the RADIUS attrib utes supported by various
PowerConnect switch service. Administrators may configure these attributes
on the RADIUS server(s) when utilizing the swith RADIUS service.
Table 32-1. RADIUS Attributes Supported by PowerConnect Switch Se rvice
Type RADIUS Attri bute Name 802.1X User Manager Captive Portal
1USER-NAME Yes No No
2 USER-PASSWORD Yes No No
2CSPC4.XCT-SWUM2XX1.book Page 701 Monday, October 3, 2011 11:05 AM