HP (Hewlett-Packard) MSM7XX Switch User Manual


 
Authentication services
Using a third-party RADIUS server
For example, assume that the primary RADIUS server was not reachable and that the
secondary server responded to the last RADIUS access request. When a new
authentication request is received, the service controller sends the first RADIUS
access request to the secondary RADIUS server.
If the secondary RADIUS server does not reply, the service controller retransmits the
RADIUS access request to the primary RADIUS server. When two servers are
configured, the service controller always alternates between the two.
Primary/Secondary RADIUS server
Server address: Specify the IP address of the RADIUS server.
Secret/Confirm secret: Specify the password for the service controller to use to
communicate with the RADIUS server. The shared secret is used to authenticate all
packets exchanged with the server, proving that the packets originate from a
valid/trusted source.
Authentication realms
When authentication realms are enabled for a profile, selection of the RADIUS server to
use for authentication is based on the realm name, rather than the RADIUS profile name
configured. This applies to any VSC authentication setting that uses the profile.
Realm names are extracted from user names as follows: if the username is
person1@mydomain.com then mydomain.com is the realm. The authentication
request is sent to the RADIUS profile with the realm name mydomain.com. The
username sent for authentication is still the complete person1@mydomain.com.
For added flexibility, regular expressions can be used in realm names, enabling a
single realm name to match many users. For example, if a realm name is defined with
the regular expression ^per.* then all usernames beginning with per followed by any
number of characters will match. The following usernames would all match:
per123.biz
per321.lan
per1
Important
You must enable the use of authentication realms for the VSC.
Realm names are not case-sensitive and can be a maximum of 64 characters long.
You can define a maximum of 200 realms across all RADIUS profiles. There is no limit
to the number of realms that you can define for each RADIUS profile.
Each RADIUS profile can be associated with one or more realms. However, a realm
cannot be associated with more than one profile.
A realm overrides the authentication RADIUS server only. The server used for
accounting is not affected.
Note: When realm configuration is changed in any way, all active user sessions are terminated.
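The realm selection described above, sketched in Python as an added example (not HP code and not part of the manual): it checks a realm table against the stated limits and reports usernames whose realm matches realms in more than one profile, which a broad regular expression such as ^per.* can cause. The profile names, the is_regex flag, and matching a regular expression against the text after the last '@' (or the whole username when there is no '@') are assumptions.

```python
import re

MAX_REALM_LEN, MAX_REALMS = 64, 200   # limits stated in the manual

# Constructed sample config: profile -> [(realm name, is_regex)].
# The is_regex flag and the profile names are assumptions of this sketch.
PROFILES = {
    "corp-radius": [("mydomain.com", False), ("personnel.example", False)],
    "partner-radius": [("^per.*", True)],
}

def extract_realm(username):
    """Text after the last '@', or the whole name if there is none (assumption)."""
    return username.rsplit("@", 1)[-1].lower()

def validate(profiles):
    """Return violations of the limits and the one-profile-per-realm rule."""
    problems, owner = [], {}
    for profile, realms in profiles.items():
        for name, _ in realms:
            key = name.lower()                  # realm names are not case-sensitive
            if len(name) > MAX_REALM_LEN:
                problems.append(f"{name!r}: longer than {MAX_REALM_LEN} characters")
            if owner.setdefault(key, profile) != profile:
                problems.append(f"{name!r}: in both {owner[key]} and {profile}")
    if len(owner) > MAX_REALMS:
        problems.append(f"{len(owner)} realms defined, limit is {MAX_REALMS}")
    return problems

def matching_profiles(username, profiles):
    """Sorted names of every profile with a realm that matches the username."""
    realm = extract_realm(username)
    hits = set()
    for profile, realms in profiles.items():
        for name, is_regex in realms:
            if is_regex:
                matched = re.search(name, realm, re.IGNORECASE) is not None
            else:
                matched = name.lower() == realm
            if matched:
                hits.add(profile)
    return sorted(hits)

if __name__ == "__main__":
    print(validate(PROFILES) or "configuration within stated limits")
    # Constructed usernames; more than one hit means the regex overlaps another realm.
    for user in ["person1@mydomain.com", "per1", "bob@personnel.example", "x@other.org"]:
        hits = matching_profiles(user, PROFILES)
        print(f"{user:24} -> {hits or 'no realm match'}{'  AMBIGUOUS' if len(hits) > 1 else ''}")
```

A username reported as AMBIGUOUS is one to resolve by tightening the regular expression before relying on realm-based server selection.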