Filter
Top Products
Alteon OS Application Guide
44
Chapter 1: Accessing the Switch 42C4911, January 2007
RADIUS Authentication and Authorization
Alteon OS supports the RADIUS (Remote Authentication Dial-in User Service) method to
authenticate and authorize remote administrators for managing the switch. This method is
based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to
the back-end database server. A remote user (the remote administrator) interacts only with the
RAS, not the back-end server and database.
RADIUS authentication consists of the following components:
A protocol with a frame format that utilizes UDP over IP (based on RFC 2138 and 2866)
A centralized server that stores all the user authorization information
A client, in this case, the switch
The GbE Switch Module—acting as the RADIUS client—communicates to the RADIUS
server to authenticate and authorize a remote administrator using the protocol definitions spec-
ified in RFC 2138 and 2866. Transactions between the client and the RADIUS server are
authenticated using a shared key that is not sent over the network. In addition, the remote
administrator passwords are sent encrypted between the RADIUS client (the switch) and the
back-end RADIUS server.
How RADIUS Authentication Works
1. Remote administrator connects to the switch and provides user name and password.
2. Using Authentication/Authorization protocol, the switch sends request to authentication
server.
3. Authentication server checks the request against the user ID database.
4. Using RADIUS protocol, the authentication server instructs the switch to grant or deny
administrative access.
Configuring RADIUS on the Switch
Use the following procedure to configure Radius authentication on your GbE Switch Module.
For more information, see Appendix B, “RADIUS Server Configuration Notes.”