Authentication, Radius Ports | RSA Security 6.1 manual

The RSA Authentication Manager software views the RSA RADIUS Server service as a host agent. Communication between RSA RADIUS Server and RSA Authentication Manager uses specific UDP ports, which are configured during installation. To prevent “masquerading” by unauthorized hosts, you configure RSA Authentication Manager with the IP addresses of each RSA RADIUS Server host. Before RSA Authentication Manager accepts an authentication request, it verifies that the source address contained in the request matches an authorized host agent.

RADIUS Ports

The RADIUS standard initially used UDP ports 1645 and 1646 for RADIUS authentication and accounting packets. The RADIUS standards group later changed the port assignments to 1812 and 1813, but many organizations continue using the old 1645 and 1646 port numbers for RADIUS.

Any two devices that exchange RADIUS packets must use compatible UDP port numbers. If you are configuring a RAS to exchange authentication packets with a RADIUS server, you must find out which port the server uses to receive authentication packets from its clients (1812, for example). You must then configure the RAS to send authentication packets on the same port (1812). The same is true for RADIUS accounting.

RSA RADIUS Server can listen on multiple ports. For compatibility, the server listens to the old and new default RADIUS ports: ports 1645 and 1812 for authentication, and ports 1646 and 1813 for accounting.

Authentication

Table 1 describes the conditions under which each type of RADIUS authentication message is issued, and the purpose of any RADIUS attributes the message contains.

Table 1. RADIUS Authentication Messages and Attributes

Message Conditions

Purpose of Message Attributes

When a RAS receives a connection request from a user, the RAS authenticates the request by sending an Access-Request to its RADIUS server.

Identify the user.

Describe the type of connection the user is trying to establish.

8

About RSA RADIUS Server

September 2005

Image 20

RSA Security 6.1 manual Authentication, Radius Ports

Contents

RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index What’s In This Manual About This GuideAudience Syntax Conventions Related Documentation RSA Radius Server DocumentationVendor Information Requests for Comments RFCs Before You Call for Customer Support Getting Support and ServiceThird-Party Products RSA Radius Server Features About RSA Radius Server RSA Radius Server Overview About RSA Radius Server September RSA Radius Authentication Radius Packets Radius Client Configuration Radius ConfigurationRadius Server Configuration Shared Secrets Radius Node Secret Radius SecretReplication Secret Authentication Radius Ports Accounting Accounting Sequence Comma-Delimited Log Files Tunneled Accounting Attributes DictionariesVendor-Specific Attributes Make/Model Field Updating Attribute Information Checklist AttributesAttribute Lists Multi-Valued Attributes Attribute ValuesReturn List Attributes Default Values Orderable AttributesSystem Assigned Values Echo Property Centralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius Server Recovering a Replica After a Failed Download Changing the Name or IP Address of a Server Installing the RSA Radius Server Before You BeginRequired Files Data Migration/Registration Installing on Windows System Requirements Installing the RSA Radius Server If you are installing a Replica RSA Radius Server, click Uninstalling the RSA Radius Server Software Installing on Solaris Installer Syntax Path Installing the RSA Radius Server Software Reppkg Enter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System Requirements Should be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius Administrator File Menu Navigating in RSA Radius AdministratorRSA Radius Administrator Menus See , Administering Radius Clients on Panel Menu Help Menu RSA Radius Administrator ToolbarWeb Menu RSA Radius Administrator Windows Adding an Entry Editing an Entry Sample Add Window Cutting/Copying/Pasting Records Sample Edit Window Using Context Menus Resizing ColumnsChanging Column Sequence Sorting Information Adding a License Key Accessing Online HelpDisplaying Version Information Exiting the RSA Radius Administrator Add a License for Server Window Administering Radius Clients Radius Clients Panel Adding a Radius Client Add Radius Client Window Secret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September About Profiles Administering ProfilesAdding a Checklist or Return List Attribute for a Profile Default Profile Resolving Profile and User Attributes Setting Up Profiles Adding a Profile Click Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying Statistics Statistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting Statistics Accounting Statistic Meaning Resetting Server Statistics Displaying Radius Client Statistics Optionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server Manually Add Server Window Enabling a Radius Server Deleting a Radius Server Publishing Server Configuration Information Notifying Replica Radius Servers Recovering a Replica After a Failed Download Designating a New Primary Radius Server Changing the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Files Using the Radius System LogLogging Level of Logging Detail Controlling Log File Size Using the Accounting Log Accounting Log File Format First Line Headings Comma Placeholders Standard Radius Accounting Attributes Acct-Status-Type Acct-Input-Packets Ldap Configuration Interface File P e n d i x a About the Ldap Configuration Interface Ldap Utilities Ldap Requests Downloading the Ldap Utilities Configuring the Ldap TCP Port Ldap Version Compliance Ldap Virtual Schema Available Attributes Ldap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for Records Modifying Records Ldapmodify Option Meaning Where Adding Records Deleting Records Stattype server Statistics VariablesCounter Statistics Stattype authentication Stattype accounting Rate Statistics Using the Ldap Configuration Interface September Glossary AAA DNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode