HP (Hewlett-Packard) MSM7XX Switch User Manual

Authentication services
Using a third-party RADIUS server
Settings
Authentication port: Specify a port on the RADIUS server to use for authentication.
By default RADIUS servers use port 1812.
Accounting port: Specify a port on the RADIUS server to use for accounting. By
default RADIUS servers use port 1813.
Retry interval: Specify the number of seconds that the RADIUS server waits before
access and accounting requests time out. If the server does not receive a reply within
this interval, the service controller switches between the primary and secondary
RADIUS servers, if a secondary server is defined. A reply that is received after the
retry interval expires is ignored.
Retry interval applies to access and accounting requests that are generated by the
following:
- Manager or operator access to the management tool
- User authentication by way of HTML
- MAC-based authentication of devices
- Authentication of the service controller
- Authentication of the controlled AP
You can determine the maximum number of retries as follows:
- HTML-based logins: Calculate the number of retries by taking the setting for the
  HTML-based logins Authentication Timeout parameter and dividing it by the value
  of this parameter. Default settings result in 4 retries (40 / 10).
- MAC-based and service controller authentication: Number of retries is infinite.
- 802.1X authentication: Retries are controlled by the 802.1X client software.
Authentication method: Select the default authentication method that the service
controller uses when exchanging authentication packets with the RADIUS server
defined for this profile. For 802.1X users, the authentication method is always
determined by the 802.1X client software and is not controlled by this setting. If
traffic between the service controller and the RADIUS server is not protected by a
VPN, it is recommended that you use either EAP-MD5 or MSCHAP V2 (if supported
by your RADIUS Server). PAP and MSCHAP V1 are less secure protocols.
NAS ID: Specify the identifier for the network access server that you want to use for
the service controller. By default the serial number of the service controller is used.
The service controller includes the NAS-ID attribute in all packets that it sends to the
RADIUS server.
Always try primary server first: Enable this option if you want to force the service
controller to contact the primary server first.
Otherwise, the service controller sends the first RADIUS access request to the last
known RADIUS server that replied to any previous RADIUS access request. If the
request times out, the next request is sent to the other RADIUS server if defined.