Avaya 580 Switch User Manual


 
Document No. 10-300077, Issue 2 4-19
Security
RADIUS Client Support
Overview
Purpose of RADIUS
In a network with many Avaya switches, configuring user accounts on each
of the switches can be time-consuming. You can centralize the user accounts
by using a Remote Authentication Dial-In User Service (RADIUS) server.
RADIUS is a service that authenticates users when they attempt to log in to
a Network Access Device (NAD) such as an Avaya switch. RADIUS
typically runs on a Windows or Linux server; however, it can run on other
platforms as well depending on the vendor.
* Note: RADIUS supports a maximum of 27 characters for user names.
If you use a RADIUS server to authenticate users, their switch
user names must not exceed 27 characters, regardless of the 31-
character maximum of the P580 and P882.
Authentication Process
RADIUS is a client/server architecture where each device that uses the
RADIUS server is a RADIUS client. The client sends Access-Request
messages to the RADIUS server. These messages include the user name, the
encrypted password, and optional parameters depending on configuration.
* Important: The RADIUS Client and Server must be configured
with the exact same parameters.
Once the RADIUS server receives the Access-Request message, it searches
its database for the user account. If the server finds the account, the
password is correct, and the optional parameters match, the server sends an
Access-Accept message to the RADIUS client. The Access-Accept
message indicates that the user account exists, the password is correct, and
the user has a certain access type (for example, administrative or read-only).
If the RADIUS server does not find the account or the password is
incorrect, then the server sends an Access-Reject message to the RADIUS
client.
* Note: Due to an interoperability issue, the P580 and P882 RADIUS
client does not accept Access-Accept messages from Windows
2000 RADIUS servers, which generate the Generate-Class-
Attribute. To resolve this issue, obtain Windows 2000 service
pack 3 or later. After installing the latest service pack, set the
Generate-Class-Attribute field to FALSE.