Cisco Systems 78-11424-03 Network Router User Manual


 
Cisco Content Services Switch Basic Configuration Guide
78-11424-03
Chapter 2 Configuring User Profiles and CSS Parameters
It is recommended that you configure the idle timeout to at least 30 minutes.
Setting this value to 30 minutes:
Cleans up idle Telnet sessions
Helps prevent busy conditions due to a high number of active Telnet sessions
To set an idle timeout value, enter:
(config)# idle timeout 15
To revert the terminal timeout value to its default of enabled for 5 minutes, enter:
(config)# no idle timeout
Configuring the CSS as a Client of a RADIUS Server
The Remote Authentication Dial-In User Server (RADIUS) protocol is a
distributed client/server protocol that protects networks against unauthorized
access. It uses the User Datagram Protocol (UDP) to exchange authentication and
configuration information between the CSS authentication client and the active
authentication server that contains all user authentication and network service
access information. The RADIUS host is normally a multiuser system running
RADIUS server software.
Use the radius-server command to configure the CSS as a client of a RADIUS
server for authentication requests by remote or local users who require
authorization to access network resources.
When a user remotely logs into a CSS operating as a RADIUS client, the CSS
sends an authentication request (including user name, encrypted password, client
IP address, and port ID) to the central RADIUS server. The RADIUS server is
responsible for receiving user connection requests, authenticating users, and
returning all configuration information necessary for the client to deliver services
to the users. Transactions between the RADIUS client and the RADIUS server are
authenticated through the use of a shared secret.
Once the RADIUS server receives the authentication request, it validates the
sending client and consults a database of users to match the login request. After
the RADIUS server performs user authentication, it transmits one of the following
authentication responses back to the RADIUS client:
Accept - The user is authenticated (all conditions are met).
Reject - The user is not authenticated and is prompted to reenter the username
and password, or access is denied (the username does not exist in the server’s
database).