Part No. 116752 Rev. AMay 1997Router Software Version 11.02Site Manager Software Version 5.02 Configuring RADIUS
116752 Rev. A xi Tables Table B-1. RADIUS Parameter Defaults ... B-1
116752 Rev. A xiii About This Guide If you are responsible for configuring Remote Authentication Dial-In User Service (RADIUS) software, read this ma
Configuring RADIUSxiv 116752 Rev. A Conventions bold text Indicates text that you need to enter, command names, and buttons in menu paths.Example: En
About This Guide 116752 Rev. A xv Acronyms CHAP Challenge Handshake Authentication ProtocolIP Internet ProtocolIPX Internet Packet ExchangeIPXWAN In
Configuring RADIUSxvi 116752 Rev. A Bay Networks Customer Service You can purchase a support contract from your Bay Networks distributor or authorize
About This Guide 116752 Rev. A xvii For More Information For information about Bay Networks and its products, visit the Bay Networks World Wide Web
116752 Rev. A 1-1 Chapter 1Starting RADIUS Remote Authentication Dial-In User Service (RADIUS) defines a method of centralizing authentication and ac
ii 116752 Rev. A 4401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821 Copyright © 1988–1997 Bay Networks, Inc. All ri
Configuring RADIUS1-2 116752 Rev. A The steps that instruct you to set a parameter value are followed by a box that includes the Site Manager paramet
Starting RADIUS 116752 Rev. A 1-3 Enabling RADIUS To enable RADIUS accounting or authentication, begin at the Configuration Manager window: 1. Select
Configuring RADIUS1-4 116752 Rev. A Figure 1-2. RADIUS Client Configuration Window 2. To configure a slot for RADIUS, click on the box labeled None. Si
Starting RADIUS 116752 Rev. A 1-5 3. Select Authentication, Accounting, or Both to enable both services. If the router is already using a slot for d
Configuring RADIUS1-6 116752 Rev. A Figure 1-5. Sync Line Media Type WindowFigure 1-6. Async Line Media Type Window Click on OK to accept the line me
Starting RADIUS 116752 Rev. A 1-7 • To configure an ISDN line for RADIUS, click on an ISDN, MCT1, or MCE1 connector.Site Manager displays the ISDN Sw
Configuring RADIUS1-8 116752 Rev. A Site Manager adds the letters DR to the connector’s name to designate it as a RADIUS interface.5. Keep the RADIUS
Starting RADIUS116752 Rev. A 1-9 Specifying the Primary Server’s IP AddressTo enable RADIUS, you must specify the IP address of the RADIUS server. The
Configuring RADIUS1-10 116752 Rev. AFigure 1-10. RADIUS Server Configuration Window5.Click on Done to accept the parameter defaults.You return to the R
Starting RADIUS116752 Rev. A 1-11 Selecting a Protocol for RADIUS AuthenticationFor RADIUS authentication, you must select a protocol. Once you select
116752 Rev. A iii Bay Networks Software License This Software License shall govern the licensing of all software provided to licensee by Bay Network
Configuring RADIUS1-12 116752 Rev. AFigure 1-12. RADIUS Dial_In Protocol Window3.Select Enable for the protocol you want to use, then click on OK.Refe
Starting RADIUS116752 Rev. A 1-13 If your network uses a combination of leased lines and dial-up lines (for example, using dial backup service to supp
116752 Rev. A 2-1 Chapter 2RADIUS OverviewRemote access is a rapidly growing segment of the networking industry. Users in branch offices, sales people
Configuring RADIUS2-2 116752 Rev. ARADIUS authentication lets you identify remote users before you give them access to a central network site. RADIUS
RADIUS Overview116752 Rev. A 2-3 RADIUS AuthenticationYou configure RADIUS authentication on a slot-by-slot basis. Therefore, a call designated for a R
Configuring RADIUS2-4 116752 Rev. AUsing IP and IPX Unnumbered Protocols for PPP ConnectionsThe RADIUS client supports only IP and IPX unnumbered inte
RADIUS Overview116752 Rev. A 2-5 Configuring the Remote User to Work with the RADIUS ClientIn most RADIUS networks, the remote user is a router. To ena
Configuring RADIUS2-6 116752 Rev. ARADIUS AccountingYou configure RADIUS accounting on a slot-by-slot basis. Therefore, a call designated for a RADIUS-
RADIUS Overview116752 Rev. A 2-7 Using RADIUS-Compatible Servers with the RADIUS ClientThe Bay Networks RADIUS client can communicate with any RADIUS-
iv 116752 Rev. A Bay Networks Software License (continued) 9. Licensee shall not reverse assemble, reverse compile, or in any way reverse engineer
Configuring RADIUS2-8 116752 Rev. AFor More InformationRefer to the following sources for more information about RADIUS:Aboba, B., Zorn, G. “RADIUS Cl
116752 Rev. A 3-1 Chapter 3Customizing the RADIUS Client ConfigurationThis chapter describes the changes you can make to the RADIUS client’s configurati
Configuring RADIUS3-2 116752 Rev. A2. Enter a new IP address for the Client IP Address parameter.3. Click on Done to return to the Configuration Manage
Customizing the RADIUS Client Configuration116752 Rev. A 3-3 Modifying the Protocol for RADIUS AuthenticationTo modify the unnumbered protocol for RAD
Configuring RADIUS3-4 116752 Rev. AFigure 3-3. RADIUS Dial_In Protocol Window4.Set the enabled protocol to Disable, and set the protocol you want to u
Customizing the RADIUS Client Configuration116752 Rev. A 3-5 If the remote site is using dial optimized routing, click on OK. Site Manager automatical
Configuring RADIUS3-6 116752 Rev. AModifying the PPP Authentication ProtocolThe remote user identifies itself to the server using one of the PPP authen
Customizing the RADIUS Client Configuration116752 Rev. A 3-7 Figure 3-6. PPP Line Lists Window3.Select PAPAUTH as the value for the Local Authenticati
Configuring RADIUS3-8 116752 Rev. ARemoving RADIUS Authentication and AccountingTo remove RADIUS authentication and accounting from a slot, begin at t
116752 Rev. A 4-1 Chapter 4Customizing the RADIUS Server ConfigurationThis chapter explains how to modify the RADIUS server configuration. The server pa
116752 Rev. A v Contents About This Guide Before You Begin ...
Configuring RADIUS4-2 116752 Rev. AFigure 4-1. RADIUS Server Configuration Window2.Enter a new password, then click on Apply. 3. Click on Done to retur
Customizing the RADIUS Server Configuration116752 Rev. A 4-3 Modifying the Server ModeThe server mode tells the client how the server is configured. Yo
Configuring RADIUS4-4 116752 Rev. AModifying the Server Response TimeWhen the client sends an accounting or authentication request to the server, you
Customizing the RADIUS Server Configuration116752 Rev. A 4-5 Configuring Alternate ServersIn addition to the primary server, you can configure one or mo
Configuring RADIUS4-6 116752 Rev. AFigure 4-3. Alternate Server Address Window3.Enter the IP address of the alternate RADIUS server.4. Enter a passwor
Customizing the RADIUS Server Configuration116752 Rev. A 4-7 Reconnecting to the Primary ServerIf the primary server fails, you can instruct the clien
Configuring RADIUS4-8 116752 Rev. ARemoving a Server EntryTo remove a server entry from the RADIUS configuration, begin at the Configuration Manager win
116752 Rev. A A-1 Appendix ARADIUS ParametersThis appendix describes each of the RADIUS parameters. Each description includes the path of Site Manager
Configuring RADIUSA-2 116752 Rev. AServer Configuration ParametersParameter: Server IP AddressPath: Protocols > Global Protocols > RADIUS > Cr
RADIUS Parameters116752 Rev. A A-3 Parameter: Auth. UDP PortPath: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 1645Options: A
vi 116752 Rev. A Accepting Remote Users’ IP Addresses ...2-7For More Information ...
Configuring RADIUSA-4 116752 Rev. AParameter: Response Timeout (seconds)Path: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 3Op
RADIUS Parameters116752 Rev. A A-5 Protocol Parameters for RADIUS AuthenticationThese protocols are only for RADIUS authentication.Parameter: Slot Num
Configuring RADIUSA-6 116752 Rev. AParameter: OSPF EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol >
RADIUS Parameters116752 Rev. A A-7 Parameter: Bridge EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol &g
116752 Rev. A B-1 Appendix BRADIUS Parameter DefaultsTable B-1 lists the default settings for the RADIUS parameters.Table B-1. RADIUS Parameter Defaul
116752 Rev. A C-1 Appendix CConfiguration ExamplesThis appendix provides the following configuration examples for a router acting as a RADIUS client:• C
Configuring RADIUSC-2 116752 Rev. AConfiguring RADIUS AuthenticationThis example explains how to configure the router as a RADIUS authentication client,
Configuration Examples116752 Rev. A C-3 Enable RADIUS AuthenticationTo enable RADIUS authentication, begin at the Configuration Manager window:1. Selec
116752 Rev. A viiConfiguring RADIUS Accounting ...C-5Before You Begin
Configuring RADIUSC-4 116752 Rev. ASelect IPFrom the RADIUS Client Configuration window:1. Click on Dial-In Protocol.Site Manager displays the RADIUS D
Configuration Examples116752 Rev. A C-5 Configuring RADIUS AccountingThis example explains how to configure the router as a RADIUS accounting client, an
Configuring RADIUSC-6 116752 Rev. ABefore You BeginBefore you begin, do the following:1. Create and save a configuration file with at least one PPP inte
Configuration Examples116752 Rev. A C-7 You return to the Backup Lines Definition window. The letter B (backup) appears next to the ISDN port to indica
Configuring RADIUSC-8 116752 Rev. AEnable RADIUS AccountingTo enable RADIUS accounting, begin at the Configuration Manager window:1. Select Protocols &
Configuration Examples116752 Rev. A C-9 Configuring RADIUS Accounting and AuthenticationThis example explains how to configure the router as a RADIUS ac
Configuring RADIUSC-10 116752 Rev. ABefore You BeginBefore you begin, do the following:1. Create and save a configuration file with at least one Frame R
Configuration Examples116752 Rev. A C-11 10.Click on Done.You return to the RADIUS Client Configuration window.11. Keep this window open and go to the
116752 Rev. A Index-1Aaccounting. See RADIUS accounting, 2-6Acct. UDP Port parameter, A-3alternate RADIUS servers, configuring, 2-7Auth. UDP Port param
Index-2 116752 Rev. AClient IP Addressdefaults, B-1IP Enable, A-5IPX Enable, A-6IPXWAN Enable, A-6Maximum Message Retry, A-3OSPF Enable, A-6Response T
116752 Rev. A Index-3TTechnical Solutions Centers, xviUUDP portdescription, 4-3modifying, 4-3unnumbered circuit interfaces for authentication, 2-4WWor
Index-4 116752 Rev. A
116752 Rev. A ix Figures Figure 1-1. Configuration Manager Window ................1-3Figure 1-2. RADIUS
Komentáře k této Příručce