Version 7.0 241 Mediant 3000
User's Manual 16. Services
16.2.3 Configuring Interface for RADIUS Communication
The device can communicate with the RADIUS server through its' OAMP (default) or SIP
Control network interface. To change the interface used for RADIUS traffic, use the
RadiusTrafficType parameter.
Note: If set to Control, only one Control interface must be configured in the Interface
table (see ''Configuring IP Network Interfaces'' on page 145); otherwise, RADIUS
communication will fail.
16.2.4 Configuring General RADIUS Parameters
The procedure below describes the configuration of RADIUS parameters that are common
between RADIUS-based user authentication and RADIUS-based accounting.
 To configure general RADIUS parameters:
1. Open the Authentication Settings page (Configuration tab > System menu >
Management > Authentication Settings).
2. Scroll down the page to the RADIUS Settings group.
3. In the 'RADIUS VSA Vendor ID' field, enter the same vendor ID number as set on the
third-party RADIUS server. The vendor-specific attribute (VSA) identifies the device to
the RADIUS server using the Vendor ID. For an example of using the Vendor ID, see
''Setting Up a Third-Party RADIUS Server'' on page 242.
4. Configure RADIUS packet retransmission when no response is received from the
RADIUS server:
a. In the 'RADIUS Packets Retransmission' field (RADIUSRetransmission), enter
the maximum number of RADIUS retransmissions that the device performs if no
response is received from the RADIUS server.
b. In the 'RADIUS Response Time Out' field (RadiusTO), enter the interval (in
seconds) that the device waits for a response before sending a RADIUS
retransmission.
5. Click Submit.
16.2.5 RADIUS-based Management User Authentication
You can enhance security for your device by implementing Remote Authentication Dial-In
User Service (RADIUS - RFC 2865) for authenticating multiple management user accounts
of the device’s embedded Web and Telnet (CLI) servers. Thus, RADIUS also prevents
unauthorized access to your device.
When RADIUS authentication is not used, the user's login username and password are
locally authenticated by the device in its Web Users table (database). However, the Web
Users table can be used as a fallback mechanism in case the RADIUS server does not
respond. For configuring local user accounts, see ''Configuring Web User Accounts'' on
page 82.
When RADIUS authentication is used, the RADIUS server stores the user accounts -
usernames, passwords, and access levels (authorization). When a management user
(client) tries to access the device, the device sends the RADIUS server the user's
username and password for authentication. The RADIUS server replies with an acceptance
To Next Page
Loading...
Need help?
General
