Protocols: The RADIUS Protocol - Encore Networks

encor! •enetworks TMVersion A, September 2010© 2010 Encore Networks, Inc.All rights reserved.The RADIUS ProtocolThis chapter discusses configuration and use of the Remote Authentication Dial-In UserService (RADIUS) networking protocol on a BANDIT device.Note: The BANDIT devices use RADIUS only for Telnet logins. For all other logins, standardBANDIT authentication is used.If the login is via Telnet, the BANDIT’s network access server identifier (NAS ID) determineswhether the login uses RADIUS or standard authentication and selects the appropriate loginroutine.See the following sections:• The RADIUS Networking Protocol• Configuring the BANDIT as a RADIUS ClientNote: See the Protocols Module for a full list of BANDIT protocols.10.1 The RADIUS Networking ProtocolRADIUS is a centralized authentication, authorization, and accounting (AAA) managementsystem:• Authentication verifies that the proper user credentials have been submitted for access todevices in the network.• Authorization indicates which devices and services the user can have access to.• Accounting tracks the use of the devices and services.The BANDIT’s use of the RADIUS protocol conforms to RFC 2865, which describes the RADIUSprotocol’s authentication and authorization, and RFC 2866, which describes the RADIUSprotocol’s accounting.The BANDIT device is a RADIUS client. When a user logs in over a Telnet connection, theBANDIT sends the user credentials to the RADIUS server for verification. The RADIUS serverusually resides at a network operation center (NOC), such as a headquarters (HQ) site or a centralhub site.Note: Configuration of RADIUS user names, passwords, and access levels is performed on theRADIUS server. See the server manufacturer’s literature to configure RADIUS on the server.For information on trademarks, safety, limitationsof liability, and similar topics, see Notices.Home Module: ProtocolsDocument 10

The RADIUS Protocol Page 3RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 0.0.0.03) Secondary RADIUS Server IP : 0.0.0.04) RADIUS NAS IP : 0.0.0.05) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :4 On the RADIUS Configuration Parameters Menu, select each parameter (as describedin step 5 through step 12) to configure the BANDIT as a RADIUS client.5 On the RADIUS Configuration Parameters Menu, select RADIUS Admin Status.❖ The following prompt is displayed.RADIUS Admin Status(1.Disable, 2.Enable): (1 to 2)[1] :a Do one of the following:i To refrain from using RADIUS, select Disable.❖ This BANDIT device will not use RADIUS. The RADIUS Configuration ParametersMenu is redisplayed. Go to step 13.ii To use RADIUS, select Enable.❖ This BANDIT device will be a RADIUS client. The RADIUS ConfigurationParameters Menu is redisplayed. Continue to configure RADIUS parameters.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 0.0.0.03) Secondary RADIUS Server IP : 0.0.0.04) RADIUS NAS IP : 0.0.0.05) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :6 On the RADIUS Configuration Parameters Menu, select Primary RADIUS Server IP.❖ The following prompt is displayed.

Page 4 Protocols Module, Document 10Enter Primary RADIUS Server IP (N.N.N.N) :a Type the IP address of the primary server for the RADIUS application, and press Enter.❖ The IP address is accepted and is displayed in the RADIUS Configuration ParametersMenu.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 0.0.0.04) RADIUS NAS IP : 0.0.0.05) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :7 If your network includes a secondary RADIUS server, then, on the RADIUSConfiguration Parameters Menu, select Secondary RADIUS Server IP.❖ The following prompt is displayed.Enter Seconday RADIUS Server IP (N.N.N.N) :a Type the IP address of the secondary server for the RADIUS application, and pressEnter.❖ The IP address is accepted and is displayed in the RADIUS Configuration ParametersMenu.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 0.0.0.05) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :

The RADIUS Protocol Page 58 On the RADIUS Configuration Parameters Menu, select RADIUS NAS IP.❖ The following prompt is displayed.Enter NAS IP (Local IP) (N.N.N.N) :Note: The BANDIT functions as a network access server (NAS) for RADIUS, and usesone of its IP addresses (usually its WAN IP address) to identify itself to the RADIUSserver.a Type the BANDIT’s IP address for its RADIUS application NAS function, and pressEnter.❖ If the IP address entered is not one of the BANDIT’s current IP addresses, thefollowing message is displayed.WARNIING: IP Address is not part of the active interfaces!Caution: If you see this message, the NAS IP is not one of the BANDIT’s current IPaddresses. Make sure the BANDIT’s NAS IP address corresponds to an IP address forone of the BANDIT’s ports. You may need to repeat step 8.❖ The RADIUS Configuration Parameters Menu is redisplayed, with the specified IPaddress.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 192.10.168.105) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :9 On the RADIUS Configuration Parameters Menu, select RADIUS Shared Secret.❖ The following prompt is displayed.Enter RADIUS Shared Secret:

Page 6 Protocols Module, Document 10!Note: The RADIUS shared secret is used to negotiate the connection between the NASand the RADIUS server. The RADIUS shared secret must be determined in advanceand must be distributed to each party in the connection.Caution: Do not distribute the RADIUS shared secret to any entities other than thosethat must use that shared secret.Note: The RADIUS definition of “shared secret” corresponds to “secret key” (alsoknown as “pre-shared key” or “shared key”). It is not a generated shared secret such asthat used in a key-agreement protocol (for example, a Diffie–Hellman exchange).a Type the RADIUS shared secret exactly as it is presented, including special charactersand uppercase or lowercase letters. (The RADIUS shared secret cannot contain spaces.)Then press the Enter key.❖ The following prompt is displayed.ReEnter RADIUS Shared Secret:b Retype the RADIUS shared secret exactly as it is presented, including special charactersand uppercase or lowercase letters. Then press the Enter key.❖ If the entries are not the same, the following error message is displayed. Then theRADIUS Configuration Parameters Menu is redisplayed. Perform step 9 again.ERROR: Entered Strings differ!!Caution: If you see this message, the RADIUS shared secret might have been typedincorrectly; it must be re-entered. You must perform step 9 again, making sure that, inboth substep a and substep b, you type the RADIUS shared secret exactly as it ispresented.❖ If the entries are the same, the RADIUS shared secret is accepted. Then the RADIUSConfiguration Parameters Menu is redisplayed.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 192.10.168.105) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 07) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :

The RADIUS Protocol Page 710 On the RADIUS Configuration Parameters Menu, select RADIUS Server UDP Port.❖ The following prompt is displayed.RADIUS Server UDP Port(1.Old_1645, 2.New_1812): (1 to 2)[2] :Note: To determine whether to use the old or new RADIUS UDP port number, see thevendor’s instructions for the RADIUS server.a Select the UPD port for RADIUS transmissions.❖ The RADIUS Configuration Parameters Menu is redisplayed with the selectedRADIUS UDP port number.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 192.10.168.105) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 18127) RADIUS Retry Timeout : 08) RADIUS Maximum Retries : 0Enter Choice :11 On the RADIUS Configuration Parameters Menu, select RADIUS Retry Timeout.❖ The following prompt is displayed.RADIUS Retry Timeout: (1 to 30)[3] :a Type the number of seconds for the BANDIT to wait for a response from the RADIUSserver, and press Enter.❖ The RADIUS Configuration Parameters Menu is redisplayed with the selected timefor the RADIUS retry timeout.

Page 8 Protocols Module, Document 10RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 192.10.168.105) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 18127) RADIUS Retry Timeout : 48) RADIUS Maximum Retries : 0Enter Choice :12 On the RADIUS Configuration Parameters Menu, select RADIUS Maximum Retries.❖ The following prompt is displayed.RADIUS Max Retries: (0 to 20)[3] :a Type the maximum number of retries for the BANDIT to contact the RADIUS server,and press Enter.❖ The RADIUS Configuration Parameters Menu is redisplayed with the indicatedmaximum number of retries.RADIUS CONFIG PARAMETERS-------------------------1) RADIUS Admin Status : Enabled2) Primary RADIUS Server IP : 192.10.168.243) Secondary RADIUS Server IP : 192.10.168.44) RADIUS NAS IP : 192.10.168.105) RADIUS Shared Secret : ****6) RADIUS Server UDP Port : 18127) RADIUS Retry Timeout : 48) RADIUS Maximum Retries : 4Enter Choice :13 After you have finished configuring the RADIUS configuration parameters, press theEscape key until you reach the Main Menu.

The RADIUS Protocol Page 9Main Menu----------1) QuickStart Config Builder2) Typical Configurations3) Advanced Configurations4) ToolsV) View Current Unit StatusF) Cellular Fast ConnectL) Load Factory DefaultsP) Load Plug and Play DefaultsW) Write ConfigurationR) Reset UnitX) eXit SessionS) StatisticsY) sYstem AdministrationEnter Choice :14 On the Main Menu, select Write Configuration, to save the new configuration. (Fordetails, see Saving (Writing) a Configuration.)15 Then, also on the Main Menu, select Reset Unit, to use the newly saved configuration.(For details, see Resetting the Device.)

Page 10 Protocols Module, Document 10

Protocols: The RADIUS Protocol - Encore Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?