Avaya P334T-ML Switch User Manual


 
Chapter 8 User Authentication
Avaya P334T-ML User’s Guide 49
to the switch's embedded management.
The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard
(RFC 2138) client/server security protocol. Security and login information is stored
in a central location known as the RADIUS server. RADIUS clients, such as the P330,
communicate with the RADIUS server to authenticate users.
All transactions between the RADIUS client and server are authenticated through
the use of a “shared secret” which is not sent over the network. The shared secret is
an authentication password configured on both the RADIUS client and its RADIUS
servers. The shared secret is stored as clear text in the client’s file on the RADIUS
server, and in the non-volatile memory of the P330. In addition, user passwords are
sent between the client and server are encrypted for increased security.
Figure 8.2 illustrates the RADIUS authentication procedure:
Figure 8.2 RADIUS Authentication Procedure
Radius Commands
User attempts login
Local User
account
authenticated in
switch?
Perform log-in according
to user's priviliege level
to switch
Yes
Authentication
request sent to
RADIUS Server
No
User name and
password
authenticated?
Yes
Authentication Reject
sent to switch
User cannot access switch
embedded managegment
No