Security Management RADIUS
4. Define the Method of access to the ML device:
Local (ML factory default) - access is verified according to the user information
stored in the ML device.
Radius and Local - the Radius server (including backup Server) and then locally
stored on ML user information is queried for authentication.
Radius - only the Radius can authenticate access. If the Radius is not available, then
access the ML is not allowed.
5. If a backup Radius Server exists, under Backup Server:
Check-mark the Enable option
Enter the IP address of the backup Radius Server.
NOTE: If a backup server is not defined (0.0.0.0 by default) query is skipped. If both
Servers are configured with the same IP, queries will be sent twice (if no reply from
Primary Server).
6. Click OK.
RADIUS Message Parameters Supported by ML
From R6.0 and higher, RADIUS on ML supports:
PAP (Password Authentication Protocol). (CHAP (Challenge Handshake Authentication
Protocol) is not supported, where CHAP messages are discarded by the system.)
Authentication only (RFC 2865). All account messages (supported in RFC2866) are
discarded by the system.
ML devices support either group of the Message Parameters
Table 56: Group I - Message Parameters Supported by ML
the name of the user to be authenticated
Access-Request/
Access-Accept
the password of the user to be
authenticated
IP Address of the ML (MUST be used
to select the shared secret)
Indicates the physical port number of the
NAS, which is authenticating the user.
Table 57: Group II - Message Parameters Supported by ML
The type of the physical port:
15 - Ethernet
16 - xDSL - Digital Subscriber Line of
unknown type
To Next Page