Cisco Systems OL-5650-02 Switch User Manual


 
Cisco Content Services Switch Security Configuration Guide (OL-5650-02)

Chapter 3: Configuring the CSS as a Client of a RADIUS Server

The Remote Authentication Dial-In User Service (RADIUS) protocol is a
distributed client/server protocol that protects networks against unauthorized
access. RADIUS uses the User Datagram Protocol (UDP) to exchange
authentication and configuration information between the CSS authentication
client and the active authentication server that contains all user authentication and
network service access information. The RADIUS host is normally a multiuser
system running RADIUS server software.

When a user remotely logs in to a CSS operating as a RADIUS client, the CSS
sends an authentication request (including username, encrypted password, client
IP address, and port ID) to the central RADIUS server. The RADIUS server is
responsible for receiving user connection requests, authenticating users, and
returning all configuration information necessary for the client to deliver services
to the users. Transactions between the RADIUS client and the RADIUS server are
authenticated through the use of a shared secret.

Once the RADIUS server receives the authentication request, it validates the
sending client and consults a database of users to match the login request. If no
response is returned by the RADIUS server within a period of time, the
authentication request is retransmitted a predefined number of times. The
RADIUS client can forward requests to an alternate secondary RADIUS server in
the event that the primary server is down or is unreachable.