Filter
Top Products
CHAPTER 8: USER MANAGEMENT 81
Implementing RADIUS Remote Authentication
Remote Authentication Dial-in User Service (RADIUS) is an AAA (authentication, authorization,
and accounting) protocol for network access applications.
To use the RADIUS authentication protocol:
Figure 54: Authentication Settings (RADIUS)
1. Type the IP Address of your primary and (optional) secondary remote authentication servers
in the Primary Radius Server and Secondary Radius Server fields, respectively.
2. Type the server secret used for authentication (in the Shared Secret fields). The shared secret
is a character string that must be known by both the Dominion KX II and the RADIUS server
to allow them to communicate securely. It is essentially a password.
3. Authentication Port. The default authentication port is 1812; change as required.
4. Accounting Port. The default accounting port is 1813; change as required.
5. Timeout (in seconds). The default timeout is 1 second; change as required. The timeout is
the length of time the Dominion KX II waits for a response from the RADIUS server before
sending another authentication request.
6. Retries. The default number of retries is 3; change as required. This is the number of times
the Dominion KX II will send an authentication request to the RADIUS server.
7. Global Authentication Type. Select from among the options in the drop-down list:
• PAP. With PAP, passwords are sent as plain text. PAP is not interactive; the username
and password are sent as one data package once a connection is established, rather than
the server sending a login prompt and waiting for a response.
• CHAP. With CHAP authentication can be requested by the server at any time. CHAP
provides more security than PAP.