User's Manual 18. Services
Version 6.8 221 Mediant 500L MSBR
18.3 RADIUS Authentication
You can enhance security for your device by implementing Remote Authentication Dial-In
User Service (RADIUS - RFC 2865) for authenticating multiple management user accounts
of the device’s embedded Web and Telnet (CLI) servers. Thus, RADIUS also prevents
unauthorized access to your device.
When RADIUS authentication is not used, the user's login username and password are
locally authenticated by the device in its Web Users table (database). However, the Web
Users table can be used as a fallback mechanism in case the RADIUS server does not
respond. For configuring local user accounts, see "Configuring Web User Accounts" on
page 64.
When RADIUS authentication is used, the RADIUS server stores the user accounts -
usernames, passwords, and access levels (authorization). When a management user
(client) tries to access the device, the device sends the RADIUS server the user's
username and password for authentication. The RADIUS server replies with an acceptance
or a rejection notification. During the RADIUS authentication process, the device’s Web
interface is blocked until an acceptance response is received from the RADIUS server.
Note that communication between the device and the RADIUS server is authenticated using a
shared secret, which is not transmitted over the network.
Figure 18-3: RADIUS Login Authentication for Management
To use RADIUS, you need to do the following:
• Set up a RADIUS server (third-party) to communicate with the device - see "Setting Up a Third-Party RADIUS Server" on page 222
• Configure the device as a RADIUS client for communication with the RADIUS server - see "Configuring RADIUS Authentication" on page 223