CONFIGURING USER AUTHENTICATION

Configuring RADIUS Logon Authentication

Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-compliant devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that requires management access to a switch.

Command Usage

By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.

RADIUS uses UDP, which only offers best-effort delivery. Also, RADIUS encrypts only the password in the access-request packet from the client to the server.

RADIUS logon authentication assigns a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server.

You can specify one or two authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS and (2) Local, the user name and password are verified against the RADIUS server first. If the RADIUS server is not available, the local user name and password are checked.

SMC Networks 10/100 manual Configuring Radius Logon Authentication, Command Usage