HP (Hewlett-Packard) Digital NetRider Network Card User Manual


 
Managing Access Server Security 22-13
Managing RADIUS
Introduction
A RADIUS server must be operational on the network. The RADIUS server can
include accounting capability, but the RADIUS accounting can be in a separate server,
on a different node. In addition, there can be multiple RADIUS servers on the network,
and RADIUS provides a method for using a second server should the attempt with the
first server result in no response.
A node that has the RADIUS server is considered an authentication host. A node that
has a RADIUS accounting server is considered an accounting host.
RADIUS security involves the definition on the access server of one or more RADIUS
realms. A realm is an administrative domain for the purpose of authentication which
can supply default values for many attributes associated with RADIUS access and
usage. Each RADIUS realm points to its own associated RADIUS authenticating host
and accounting host.
Minimal Setup for RADIUS
The minimal configuration requires the following commands to set up the remote ports
used for communication with the RADIUS server(s). These features must be assigned
in order for any communication with a RADIUS server or a RADIUS accounting
server to take place.
The following example shows the commands used to set up RADIUS security:
LOCAL> CHANGE RADIUS REALM JONAS.COM
This command defines/initializes a new RADIUS realm.
LOCAL> CHANGE RADIUS REALM JONAS.COM AUTHEN HOST ip-addr
This command defines the RADIUS server authentication node.
LOCAL> CHANGE RADIUS REALM JONAS.COM SECRET "secret_string"
Variables
Words in examples in italics indicate user-supplied variables. In this case, the variable
JONAS.COM is the name of the specific realm on which you want to perform this action.