Black Box LRA001A-R2 Network Router User Manual


 
ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL
2.4 authenticate
Select and configure authentication methods for dial-in clients
Syntax
authenticate add server host[:port]
authenticate delete server host
authenticate method {radius | securid | local}
authenticate retry count
authenticate show [securid]
authenticate test user-id
authenticate timeout value_in_seconds
Description
The authenticate command allows you to specify which authentication method to use for dial-in clients,
and to manipulate the server database for non-local authentication methods. Modem ports can be
selected to support dial-in clients or to provide LAN-to-LAN services, but not both. Modem ports
selected to provide LAN-to-LAN service use the authentication method specified with the ppp
command (PAP, CHAP, SCHAP or none).
Subcommands and parameters
authenticate add server host[:port]
Authenticate add server is only available when the authentication method selected is RADIUS. Use
authenticate add server to add a server to the list of RADIUS servers that are consulted when the Router
verifies a dial-in client’s name and password. If a port is not specified, the default RADIUS port of 1645 is
used. The host can be specified as a hostname (e.g. buffet@rns.com) or as an IP address in dotted-quad
notation (e.g. 131.143.16.45).
authenticate delete server host
Authenticate delete server is only available when the authentication method selected is RADIUS. Use
authenticate delete server to delete a server from the list of RADIUS servers that are consulted when the
Router verifies a dial-in client’s name and password. The host can be specified as a hostname (e.g.
buffet@rns.com) or as an IP address in dotted-quad notation (e.g. 131.143.16.45).
authenticate method {radius | securid | local}
Use authenticate method to select or change the authentication method used when the Router verifies a
dial-in client’s name and password. The local option enables the Router to use the Router’s client
database when authenticating dial-in clients.
authenticate retry count
Use authenticate retry to specify the number of times that a client can attempt to log in, using a name and
password. The default number of attempts allowed is 3. This retry number only affects login attempts
prior to the start of the PPP protocol, and does not have any effect on the number of attempts allowed
during PAP and CHAP authentication. If you are using RADIUS or the local password file (Router), you
must also specify which PPP authentication protocol will be used. Use the ppp command:
ppp iface lcp local authentication [ chap | pap | none | allow [on | off] ]
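
An added example, not part of the manual: a Python check that replays a script of the commands above in order and reports lines that break the two constraints this section states (add/delete server is available only when the method is RADIUS; RADIUS or local also needs a ppp authentication setting). It assumes commands take effect in the order written and that no method is selected until authenticate method runs; both scripts and the interface name wan1 are constructed.

```python
import re

DEFAULT_RADIUS_PORT = 1645  # default port stated in the manual
DEFAULT_RETRY = 3           # default retry count stated in the manual
PPP_AUTH = re.compile(
    r"^ppp\s+\S+\s+lcp\s+local\s+authentication\s+(chap|pap|none|allow)\b")

def check_script(lines):
    """Replay command lines in order; return (state, findings)."""
    state = {"method": None, "servers": [], "retry": DEFAULT_RETRY,
             "ppp_auth": None}
    findings = []  # (line number, message); line 0 means whole script
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        w = line.split()
        ppp = PPP_AUTH.match(line)
        if ppp:
            state["ppp_auth"] = ppp.group(1)
        elif w[:2] == ["authenticate", "method"] and len(w) == 3:
            if w[2] in ("radius", "securid", "local"):
                state["method"] = w[2]
            else:
                findings.append((n, "unknown method"))
        elif (w[:1] == ["authenticate"] and len(w) == 4
              and w[1:3] in (["add", "server"], ["delete", "server"])):
            if state["method"] != "radius":  # assumption: order matters
                findings.append((n, w[1] + " server requires method radius"))
                continue
            host, _, port = w[3].partition(":")
            if w[1] == "delete":
                state["servers"] = [s for s in state["servers"] if s[0] != host]
            elif port and not port.isdigit():
                findings.append((n, "port is not a number"))
            else:
                state["servers"].append(
                    (host, int(port) if port else DEFAULT_RADIUS_PORT))
        elif w[:2] == ["authenticate", "retry"] and len(w) == 3 and w[2].isdigit():
            state["retry"] = int(w[2])
    if state["method"] in ("radius", "local") and state["ppp_auth"] is None:
        findings.append((0, "ppp authentication protocol not specified"))
    return state, findings

# Constructed scripts, not from the manual; port 1812 and "wan1" are made up.
SAMPLE = ["authenticate add server 131.143.16.45",  # runs before method radius
          "authenticate method radius",
          "authenticate add server 131.143.16.45",
          "authenticate add server buffet@rns.com:1812",
          "authenticate retry 5"]
FIXED = SAMPLE[1:] + ["ppp wan1 lcp local authentication chap"]
```
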
authenticate show [securid]