Siemens 5935, 5930 manual Configure the Radius Server

Configure the Radius Server

Remote Authentication Dial In User Service (RADIUS) is client-server based access control and authentication feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS Server applications.

•The client is responsible for passing user information to designated RADIUS servers, then acting on the returned response.

•RADIUS servers are responsible for receiving user connection requests, authenticating the user, then returning all configuration information necessary for the client to deliver service to the user.

Transactions between the client and server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to further secure account passwords.

When the router is configured to use RADIUS, a user attempting to login presents authentication information (Username and Password) to the router. Upon receipt, the router’s RADIUS Client creates an “access-request” containing username, the user's password, and method being used to access the system. The password is hidden using a method based on the RSA Message Digest Algorithm MD5 [3].

The access request is submitted to the RADIUS server via the network. If no response is returned within a length of time, the request is re-sent a specified number of times. The router’s RADIUS client can also forward requests to a secondary server in the event that the primary server is down or unreachable.

Once the RADIUS server receives the request, it validates the RADIUS client that sent the request. A request from a client for which the RADIUS server does not have a shared secret is discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user entry in the database contains the required elements for authentication including the username, password, access and management privileges.

To configure the RADIUS Server:

1.Click Configure Radius Server on the left navigation pane of the User Management page. This displays the Radius Server Configuration page.

2.In Timeout, enter the number of seconds to between retry attempts when the Radius Server cannot be reached.

3.In Retry, enter the number of times the Radius Server should be contacted before attempting to connect to the secondary server.

4.For Primary and optionally Secondary servers, provide the IP Address, Port, and Secret for accessing the Radius Server. The Secret is used to authenticate requests between servers.