Security
7705 SAR OS System Management Guide 21
RADIUS Authentication
Remote Authentication Dial-In User Service (RADIUS) is a client/server security protocol
and software that enables remote access servers to communicate with a central server to
authenticate dial-in users and authorize access to the requested system or service.
RADIUS allows you to maintain user profiles in a shared central database and provides better
security, allowing a company to set up a policy that can be applied at a single administered
network point.
RADIUS Server Selection
Up to five RADIUS servers can be configured. They can be selected to authenticate user
requests in two ways, using either the direct method or the round-robin method. The default
method is direct.
Direct
In direct mode, the first server, as defined by the server-index command, is the primary
server. This server is always used first when authenticating a request.
Round-robin
In round-robin mode, the server used to authenticate a request is the next server in the list,
following the last authentication request. For example, if server 1 is used to authenticate the
first request, server 2 is used to authenticate the second request, and so on.
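The two selection methods above, modelled as an added Python example (not code from the guide or from the 7705 SAR OS). The class and function names and the sample addresses are constructed, and the fall-through to the next server in the list when one does not answer is an assumption the page does not spell out.

```python
MAX_SERVERS = 5  # the page: up to five RADIUS servers can be configured

# Constructed sample: server-index -> address (documentation address range)
SERVERS = {1: "192.0.2.11", 2: "192.0.2.12", 3: "192.0.2.13"}


class RadiusSelector:
    """Model of the order in which configured RADIUS servers are tried."""

    def __init__(self, servers, mode="direct"):  # direct is the default method
        if not 1 <= len(servers) <= MAX_SERVERS:
            raise ValueError("configure between 1 and 5 servers")
        if mode not in ("direct", "round-robin"):
            raise ValueError("unknown mode: " + mode)
        self.order = [servers[i] for i in sorted(servers)]  # by server-index
        self.mode = mode
        self.next_start = 0  # round-robin only: list position of the next request

    def try_order(self):
        """Servers in the order one authentication request would try them."""
        if self.mode == "direct":
            start = 0  # the first server-index is always used first
        else:
            start = self.next_start
            self.next_start = (start + 1) % len(self.order)
        return self.order[start:] + self.order[:start]

    def authenticate(self, reachable):
        """Return (answering server, failed attempts before it answered)."""
        attempts = self.try_order()
        for failed, server in enumerate(attempts):
            if server in reachable:  # assumption: an unreachable server is skipped
                return server, failed
        return None, len(attempts)


def wasted_attempts(mode, reachable, requests):
    """Total attempts sent to unreachable servers over a run of requests."""
    selector = RadiusSelector(SERVERS, mode)
    return sum(selector.authenticate(reachable)[1] for _ in range(requests))


if __name__ == "__main__":
    up = {"192.0.2.12", "192.0.2.13"}  # constructed outage: server-index 1 is down
    for mode in ("direct", "round-robin"):
        print(mode, "wasted attempts over 6 logins:", wasted_attempts(mode, up, 6))
```

With the primary server down, the direct model sends every login to the dead server first, while the round-robin model does so only when the rotation lands on it.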
TACACS+ Authentication
Terminal Access Controller Access Control System, commonly referred to as TACACS, is
an authentication protocol that allows a remote access server to forward a user's login
password to an authentication server to determine whether access can be allowed to a given
system. TACACS is an unencrypted protocol and therefore less secure than the later Terminal
Access Controller Access Control System Plus (TACACS+) and RADIUS protocols.
TACACS+ and RADIUS have largely replaced earlier protocols in newer or recently
updated networks. TACACS+ uses Transmission Control Protocol (TCP) and RADIUS uses
the User Datagram Protocol (UDP). TACACS+ is popular because TCP is thought to be a more
reliable protocol. RADIUS combines authentication and authorization. TACACS+ separates
these operations.