RADIUS network authenticated login


RADIUS server configurations apply to administrative access accounts and client 802.1X authentication. RADIUS access-requests are supported, but RADIUS accounting messages are not. Up to five RADIUS servers can be added. The default RADIUS port 1812 is used and is not configurable.

Authenticating Administrative Access

RADIUS network authenticated logins allow administrators to change all passwords by changing the password on the RADIUS server, simplifying management of a large network with multiple users.

To use RADIUS network authentication, you will need a properly configured RADIUS server (free RADIUS servers are available for Linux operating systems, and fee-based server products are available on UNIX and Microsoft NOS).

RADIUS authenticated logins only support the “admin” user account privileges with the following exceptions:

The RADIUS account cannot disable RADIUS login support

The RADIUS account cannot change the built-in “Admin” password

Note: The “admin” account name is not reserved. You may create an “admin” account on the RADIUS server. If so, the T3 will first check the password against the local “admin” account password before trying the RADIUS server. Unless there is a special reason to do so, we recommend not using an “admin” account on the RADIUS server.

Authenticating Clients using 802.1X

To use RADIUS authentication, the server must support the 802.1X protocol and a supported EAP type. Supported EAP types are TLS, TTLS, and PEAPv0 (also known simply as PEAP).

Configure the RADIUS Server

To create a RADIUS server configuration from the CLI, use the following command:

radius server config <1-5(index)> <ip-address #.#.#.#> <shared-secret string> <timeout 1-10> <retries 1-120>

Option: Description

Index: Up to 5 RADIUS servers can be added. Authentication will be performed starting with the server in index 1.

ip-address: IP address of the RADIUS server.

shared-secret: This is the password used by the RADIUS server to authenticate the Access-Request packets from the Tut OS.

Timeout: Number of seconds to wait after sending an Access-Request packet before sending another request or trying another server. Practical timeout value is 5 seconds.

Retries: Number of retries before giving up and trying a different server. A practical entry for retries is 2 to 3.
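The following is an added example, not taken from the Motorola manual, which does not state which mechanism the T3 uses. It shows the standard way a shared secret authenticates an Access-Request that carries EAP: the Message-Authenticator attribute of RFC 3579, an HMAC-MD5 over the whole packet keyed with the shared secret. The secret, user name and packet values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, USER_NAME, MESSAGE_AUTHENTICATOR = 1, 1, 80  # RFC 2865 / RFC 3579 codes

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(identifier: int, request_auth: bytes, user: bytes, secret: bytes) -> bytes:
    """Client side: build an Access-Request that ends with a Message-Authenticator."""
    attrs = attr(USER_NAME, user) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = (struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
              + request_auth + attrs)
    # HMAC is computed with the value field zeroed; here that field is the last 16 bytes.
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def verify_access_request(packet: bytes, secret: bytes) -> bool:
    """Server side: reject packets whose Message-Authenticator is missing or wrong."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return False
    pos, found = 20, None
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False  # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18 or found is not None:
                return False  # wrong size or duplicated attribute
            found = pos + 2
        pos += a_len
    if pos != length or found is None:
        return False
    zeroed = packet[:found] + bytes(16) + packet[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[found:found + 16])

# Constructed sample values (not from the manual).
SECRET = b"constructed-shared-secret"
PACKET = build_access_request(7, bytes(range(16)), b"alice", SECRET)
TAMPERED = PACKET[:22] + b"mallo" + PACKET[27:]  # user name altered in transit
```

A packet from a device configured with a different shared-secret string fails this check, so a mismatch between the two ends typically surfaces as rejected or silently dropped requests rather than as a bad-password error.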

Motorola, Inc.

570510-001-00 rev A

Page 32 of 50

Motorola T3 Power Broadband manual Radius network authenticated login, Authenticating Administrative Access