Configuring User Authentication Security
174 Perle 833IS User Guide
A backup RADIUS authentication server can be optionally configured on the 833IS.
This server will be used if the main authentication server is not available.
A RADIUS accounting server can be optionally configured on the 833IS. This
server can be used to keep accounting information for sessions. The type of
information collected by a RADIUS server includes items such as:
■Indication that the user has logged on
■Number of bytes, packets sent by the user
■Number of bytes, packets received by the user
■Total amount of time for which the user was logged on
■Indication that the user had been logged off
■Reason why the user was logged off
A backup RADIUS accounting server can be optionally configured on the 833IS.
This server would be used if the main if the main RADIUS accounting server was
not available. If no RADIUS accounting server is defined, the accounting
information will be sent to the RADIUS authentication server.
In order to provide Radius with full authentication authority over the 833IS unit, the
local database will no longer be used to authenticate "administration" users (users
who are authorized to manage the 833IS) when the 833IS is communicating with
either a primary or backup Radius server. Customers using Radius as the
authentication method will need to ensure that they have configured a user with
"administrator" capabilities on their Radius server (Service-Type =
Administrative).
In previous releases, a user record in the local data base was used for this purpose.
Now, a record in the local database will only be used if the 833IS cannot
communicate with a Radius Server. Do not put a record in the local database if you
want to ensure that Radius authentication is used under all conditions for
administration.
It is recommended that a local database record is used during initial setup to prevent
being locked out because of a misconfigured Radius setup.