BAT54-Rail/F.. Release 7.54 06/08 - More services - 12.11 RADSEC
- TLS check username
  TLS authenticates the client via certificate only. If this option is activated, the RADIUS server additionally checks whether the username in the certificate is contained in the RADIUS user table.

12.11 RADSEC

RADIUS has become established as the standard for server-based authentication, authorization and billing. RADIUS is now being used for applications outside of its original design purpose, for example in combination with EAP/802.1x, and a number of deficits have become apparent:
- RADIUS operates via UDP and thus offers no native procedure for packet-loss detection. Although this is no problem in a LAN environment, it is becoming increasingly important over WAN connections or on the Internet.
- RADIUS offers only simple procedures for authentication by means of a "shared secret" and provides a low level of confidentiality.
RADSEC is an alternative protocol that transmits RADIUS packets through a TLS-encrypted tunnel. TLS is based on TCP, thus providing a proven mechanism for monitoring packet loss. Furthermore, TLS is highly secure and it features a method of mutual authentication by means of X.509 certificates.
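
An added illustration, not taken from the manual or from the BAT firmware: because RADSEC carries RADIUS packets over a TCP/TLS byte stream instead of one packet per UDP datagram, the receiver has to delimit packets itself using the RADIUS Length field and should treat an implausible length as a reason to drop the connection. The function and class names are hypothetical, and the sample packet (with an all-zero authenticator) is constructed.

```python
import struct

RADIUS_HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
RADIUS_MAX_LEN = 4096    # maximum RADIUS packet length (RFC 2865)
USER_NAME = 1            # attribute type 1 = User-Name (RFC 2865)


class FramingError(Exception):
    """The stream is out of sync; the TLS connection should be closed."""


def parse_attributes(body):
    """Split the attribute area of one packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(body):
        if len(body) - i < 2:
            raise FramingError("truncated attribute header")
        a_type, a_len = body[i], body[i + 1]
        if a_len < 2 or i + a_len > len(body):
            raise FramingError("bad attribute length")
        attrs.append((a_type, bytes(body[i + 2:i + a_len])))
        i += a_len
    return attrs


def extract_packets(buffer):
    """Remove and return every complete RADIUS packet in `buffer` (a bytearray
    filled with the decrypted bytes read from the TLS socket)."""
    packets = []
    while len(buffer) >= 4:
        code, ident, length = struct.unpack("!BBH", buffer[:4])
        if not RADIUS_HEADER_LEN <= length <= RADIUS_MAX_LEN:
            raise FramingError(f"invalid Length field {length}")
        if len(buffer) < length:
            break                      # partial packet: wait for more bytes
        pkt = bytes(buffer[:length])
        del buffer[:length]
        packets.append({"code": code, "id": ident,
                        "authenticator": pkt[4:20],
                        "attributes": parse_attributes(pkt[20:])})
    return packets


def build_access_request(ident, username):
    """Constructed sample: Access-Request (code 1) carrying only User-Name."""
    attr = bytes([USER_NAME, 2 + len(username)]) + username
    length = RADIUS_HEADER_LEN + len(attr)
    return struct.pack("!BBH", 1, ident, length) + bytes(16) + attr
```

Feeding `extract_packets` the bytes of two sample requests in arbitrary chunks returns each packet only once it has arrived completely, which is the property a UDP receiver gets for free and a RADSEC receiver has to enforce.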

12.11.1 Configuring RADSEC for the client

BAT as a RADIUS client

To function as a RADIUS client, a BAT is set up to use either RADIUS via UDP or RADSEC via TCP with TLS. The port to be used must also be set: 1812 for authentication with RADIUS, 1813 for billing with RADIUS and 2083 for RADSEC.

These settings are made at all locations where a BAT is configured as a RADIUS client:

WEBconfig: Setup > WAN > RADIUS
WEBconfig: Setup > WLAN > RADIUS-access-check
WEBconfig: Setup > WLAN > RADIUS-accounting
WEBconfig: Setup > Public-spot-module > Provider-table
WEBconfig: Setup > IEEE802.1x > RADIUS-server