Security
7705 SAR OS System Management Guide 19
Figure 1: RADIUS Requests and Responses
Authentication
Authentication validates a user name and password combination when a user attempts to
log in.
When a user attempts to log in through the console, Telnet, SSH, SCP, or FTP, the 7705 SAR
client sends an access request to a RADIUS, TACACS+, or local database.
Transactions between the client and a RADIUS server are authenticated through the use of a
shared secret. The secret is never transmitted over the network. User passwords are sent
encrypted between the client and RADIUS server, which prevents someone snooping on an
insecure network to learn password information.
If the RADIUS server does not respond within a specified time, the router issues the access
request to the next configured servers. Each RADIUS server must be configured identically
to guarantee consistent results. Up to five RADIUS servers can be configured.
If a server is unreachable, it will not be used again by the RADIUS application until
30 seconds have elapsed, to give the server time to recover from its unreachable state. After
30 seconds, the unreachable server becomes available again for the RADIUS application.
If, within the 30 seconds, the RADIUS server receives a valid response to a previously sent
RADIUS packet on that unreachable server, the server immediately becomes available again.
Access Request
Access Request
ALU-2
ALU-1
ALU-3
Access Request
Access Accepted
Access Accepted
RADIUS Server
Authentication
X
Network
19673
To Next Page
Loading...
