Installation & Operation Manual 384 Document # LTRT-92224
Mediant 8000
priv-lvl = 0
}
cmd = show {
permit .*
}
}
33.18.6.2 Centralized RADIUS Servers
Remote Authentication Dial In User Service (RADIUS) is a standard AAA protocol
defined by the IETF and widely deployed in many networks for centralized user
authentication. Unlike TACACS+, the RADIUS protocol does not support
separate requests for the authentication and authorization services; instead, a single
Access Request combines both services (refer to RFC 2865 for details). The
Accounting service is implemented via a separate Accounting Request (refer to RFC
2866 for details).
The Mediant 8000 supports interworking with standards-compliant RADIUS servers and
implements the authentication and authorization services for user login as defined by the
protocol (see details below). Up to three RADIUS servers may be defined for
redundancy purposes. A local user cache is implemented for emergency access to the
Mediant 8000 in case of a network outage (for more information, see
Section 'TACACS+ Protocol Overview' below).
33.18.6.2.1 RADIUS Protocol Overview
The Mediant 8000 implements the authentication and authorization parts of the
RADIUS protocol as defined in RFC 2865. Authorization is implemented using
AudioCodes vendor-specific attributes (VSAs) or, alternatively, using Cisco VSAs.
Up to three RADIUS servers may be configured for redundancy purposes. The
Mediant 8000 falls back to the redundant RADIUS server in case communication with
the active RADIUS server fails. Communication with the currently selected RADIUS
server continues until the next failure.
For each RADIUS server, the following parameters may be configured by the user:
IP address
Port
Secret Key
In addition, RADIUS Retransmit Timeout and RADIUS Number Of Retries parameters
may be configured to determine how long the Media Gateway awaits the response
from the currently active RADIUS server, before falling back to the redundant server.
The Gateway implements a local cache of user profiles. This cache is used in emergency
situations when communication with the RADIUS servers is not possible (e.g. in case of a
global network outage). In such scenarios, users who recently logged into the
Gateway CLI interface (e.g. within the last 30 days) will be able to log in using the
credentials stored in the local user profile cache. The cache is automatically
synchronized between active and standby SC boards.
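The server fallback and emergency cache described above, modelled as an added Python example (not AudioCodes code and not taken from this manual). The `send` transport, the way retries are counted, the wrap-around server order and the PBKDF2 cache format are assumptions; the 30-day lifetime is the manual's own example value.

```python
import hashlib
import hmac
import os
import time

CACHE_TTL = 30 * 24 * 3600  # "e.g. within the last 30 days" (manual's example value)


class AaaClient:
    def __init__(self, servers, send, retries=3, now=time.time):
        self.servers = servers  # up to three (ip, port, secret_key) tuples
        self.send = send        # hypothetical transport: True/False reply, None on timeout
        self.retries = retries  # models "RADIUS Number Of Retries" (assumed: attempts per server)
        self.now = now
        self.active = 0         # index of the currently selected server
        self.cache = {}         # user -> (salt, digest, time of last successful login)

    def _query(self, user, password):
        # Start with the currently selected server; only a run of timeouts
        # moves the selection on to the next (redundant) server.
        for _ in range(len(self.servers)):
            for _ in range(self.retries):
                reply = self.send(self.servers[self.active], user, password)
                if reply is not None:
                    return reply  # selection stays here until the next failure
            self.active = (self.active + 1) % len(self.servers)
        return None               # no configured server answered

    def login(self, user, password):
        reply = self._query(user, password)
        if reply is True:
            salt = os.urandom(16)  # assumed cache format: salted PBKDF2 digest
            self.cache[user] = (salt, self._digest(salt, password), self.now())
            return "radius-accept"
        if reply is False:
            return "radius-reject"
        # Emergency path: reached only when every server timed out.
        entry = self.cache.get(user)
        if entry and self.now() - entry[2] <= CACHE_TTL:
            salt, digest, _ = entry
            if hmac.compare_digest(digest, self._digest(salt, password)):
                return "cache-accept"
        return "deny"

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
```

In this model a cached profile remains usable for up to `CACHE_TTL` after the user's last successful RADIUS login, so an account removed on the RADIUS servers inside that window would still be accepted while all servers are unreachable; `cache-accept` results are worth logging and reviewing separately.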