Configuring authentication 181

Adding the RADIUS authentication method

The command to create the authentication ID launches a wizard. When
prompted, enter the following information. You can later modify all settings
for the specific RADIUS configuration (see “Configuring authentication
methods” (page 177) and “Modifying RADIUS configuration settings” (page
• authentication type—options are radius|ldap|ntlm|siteminder
  |cleartrust|cert|rsa|local. Enter radius.
• authentication method name (auth name)—a string that specifies a
  name for the method. After you have defined a name for the method,
  you can use either the method name or the auth ID to access
  the Authentication menu. In future releases of the Nortel SNAS
  software, you will be able to reference this string in a client filter, so
  that authentication to the server in question becomes a condition for
  access rights for a group.
• IP address of the RADIUS server.
• port on which the RADIUS server is listening—the port number
  configured on the RADIUS server to specify the port used by the
  service. The default is 1812.
• shared secret—a unique shared secret configured on the RADIUS
  server that authenticates the Nortel SNAS to the RADIUS server.
• vendor ID for group—corresponds to the vendor-specific attribute used
  by the RADIUS server to send group names to the Nortel SNAS. The
  default Vendor-Id is 1872 (Alteon).
  To use a standard RADIUS attribute rather than the vendor-specific
  one, set the vendor ID to 0 (see also vendor type).
• vendor type for group—corresponds to the Vendor-Type value used
  in combination with the Vendor-Id to identify the groups to which
  the user belongs. The group names to which the vendor-specific
  attribute points must match names you define on the Nortel SNAS
  using the /cfg/domain #/aaa/group <group ID> command (see
  “Configuring groups” (page 156)). The default is 1.
  If you set the vendor ID to 0 in order to use a standard RADIUS
  attribute (see vendor ID), set the vendor type to a standard attribute
  type as defined in RFC 2865. For example, to use the standard
  attribute Class, set the vendor ID to 0 and the vendor type to 25.
• vendor ID for domain—corresponds to the vendor-specific attribute
  used by the RADIUS server to send domain names to the Nortel
  SNAS. The default Vendor-Id is 1872 (Alteon).
• vendor type for domain—corresponds to the Vendor-Type value used
  in combination with the Vendor-Id to identify the domain. The default
  is 3.
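The following added example (not Nortel SNAS code) shows how the vendor ID and vendor type settings select a group or domain name from the attributes of a RADIUS reply, using the RFC 2865 attribute encoding. The function names and the sample attribute bytes are constructed for illustration, and it assumes each matching attribute carries one name as UTF-8 text.

```python
import struct

VSA = 26  # RFC 2865 Vendor-Specific attribute type


def tlvs(buf):
    """Yield (type, value) pairs; RFC 2865 lengths include the 2-byte header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        typ, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad attribute length")
        yield typ, buf[i + 2:i + length]
        i += length


def extract_names(attrs, vendor_id=1872, vendor_type=1):
    """Return names from the configured attribute (defaults: group settings)."""
    names = []
    for typ, value in tlvs(attrs):
        if vendor_id == 0:
            # Vendor ID 0: vendor type is a standard attribute type (25 = Class).
            if typ == vendor_type:
                names.append(value.decode("utf-8"))
        elif typ == VSA and len(value) >= 4:
            (vid,) = struct.unpack("!I", value[:4])
            if vid != vendor_id:
                continue  # another vendor's attribute must not grant a group
            for vtype, vdata in tlvs(value[4:]):
                if vtype == vendor_type:
                    names.append(vdata.decode("utf-8"))
    return names


def tlv(typ, value):
    return bytes([typ, len(value) + 2]) + value


def vsa(vendor_id, vendor_type, text):
    return tlv(VSA, struct.pack("!I", vendor_id) + tlv(vendor_type, text.encode()))


# Constructed sample attributes; 99999 is a made-up vendor ID.
SAMPLE = (vsa(1872, 1, "staff") + vsa(1872, 3, "example.com")
          + vsa(99999, 1, "other") + tlv(25, b"contractors"))

if __name__ == "__main__":
    print(extract_names(SAMPLE), extract_names(SAMPLE, 1872, 3), extract_names(SAMPLE, 0, 25))
```

A reply whose attributes do not match the configured vendor ID and vendor type yields no names, so a mismatch between the RADIUS server and these settings shows up as users without the expected group.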
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks