Table of Contents
Advertisement
RADIUS network authenticated login
R
A
D
I
U
S
n
e
t
w
R
A
D
I
U
S
n
e
t
w
RADIUS server configurations apply to administrative access accounts and client 802.1X authentication. RADIUS
access-requests are supported, but RADIUS accounting messages are not. Up to five RADIUS servers can be
added. The default RADIUS port 1812 is used and is not configurable.
Authenticating Administrative Access
RADIUS network authenticated logins allows the administrators to easily change all passwords by changing the
password on the RADIUS server, simplifying management of a large network with multiple users.
To use RADIUS network authentication, you will need a properly configured RADIUS server (free RADIUS servers are
available for Linux operating systems or fee-based server products are available on UNIX and Microsoft NOS).
RADIUS authenticated logins only support the "admin" user account privileges with the following exceptions:
•
The RADIUS account cannot disable RADIUS login support
•
The RADIUS account cannot change the built-in "Admin" password
Note: The "admin" account name is not reserved. You may create an "admin" account on the RADIUS server. If so,
the T3 will first check the password against the local "admin" account password before trying the RADIUS server.
Unless there is a special reason to do so, we recommend not using an "admin" account on the RADIUS server
Authenticating Clients using 802.1X
To use RADIUS authentication, the server must support 802.1X protocol and a supported EAP type. Supported EAP
types are TLS, TTLS, and PEAPv0 (also known simply as PEAP)
Configure the RADIUS Server
To create a RADIUS server configuration from the CLI, use the following command:
radius server config <1-5(index)> <ip-address #.#.#.#> <shared-secret string> <timeout 1-10> <retries 1-120>
Options
Description
Index
5 RADIUS servers can be added. Authentication will be performed starting with the server in
index 1
ip-address
IP address of the RADIUS server
shared-secret
This is the password used by the RADIUS server to authentication the Access-Request
packets from the Tut OS
Timeout
Number of seconds to wait after sending an Access-Request packet before sending another
request or trying another server. Practical timeout value is 5 seconds.
Retries
Number of retries before giving up and trying a different server. A practical entry for retries is 2
to 3.
Motorola, Inc.
o
r
k
a
u
t
h
e
n
t
i
c
o
r
k
a
u
t
h
e
n
t
i
c
570510-001-00 rev A
a
t
e
d
l
o
g
i
n
a
t
e
d
l
o
g
i
n
Page 32 of 50
- Quick Links:
- T3 Powerbroadband Switch
Hide quick links:
Advertisement
Table of Contents
