Radius Configuration Screen

3.7.1Setting the Last Resort Authentication

The Radius client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server. If the secondary server also does not respond, then the client returns a time-out condition.

The “last resort” platform action in case of Radius server time-out for both local and remote access is selectable for each type of access:

Local login via the COM port.

Remote login via a remote network TELNET connection.

3.7.2Setting the Local and Remote Servers

Before setting the parameters, refer to Section 3.4.1 and Section 3.7.1 for a better understanding of Radius Servers and Last Resort Authentication. To set the local and remote server, proceed as follows:

1.Highlight the Timeout field and enter the maximum time in seconds to establish contact with the Radius Server before timing out.

2.Highlight the Retries field and enter the desired maximum number of attempts (1…N) to contact the Radius Server before timing out.

3.Highlight the Last-Resort Action/Local field and select ACCEPT, CHALLENGE, or REJECT to allow local access at the super-user level with no further attempt at authentication; revert local module to (legacy) passwords, or not allow local access.

4.Highlight the Last-Resort Action/Remote field select ACCEPT, CHALLENGE, or REJECT to allow remote access at the super-user level with no further attempt at authentication, revert remote module to (legacy) passwords, or not allow remote access, respectively.

5.Use the arrow keys to highlight the IP Address field and enter the IP address (in decimal-dot format) of the primary and secondary servers being configured for the RADIUS function.

6.Highlight the Secret field and enter a secret string of characters or the primary and secondary server (16 characters are recommended as per RFC 2865. The maximum is 32 characters).

7.Highlight the Auth Port field and enter the number of the Accounting UDP Port for the Primary and Secondary server.

8.Use the arrow keys to highlight the SAVE command and press ENTER to save your settings.

3-30Accessing Local Management

Page 68
Image 68
Enterasys Networks 2E253, 2H253, 2H252, 2H258 Setting the Last Resort Authentication, Setting the Local and Remote Servers