To Next Page

To Previous Page

100 CN4093 Application Guide for N/OS 8.4

RADIUS Authentication and Authorization

EnterpriseNOSsupportstheRADIUS(RemoteAuthenticationDial‐inUser

Service)methodtoauthenticateandauthorizeremoteadministratorsfor

managingtheswitch.Thismethodisbasedonaclient/servermodel.TheRemote

AccessServer(RAS)—theswitch—isaclienttotheback‐enddatabaseserver.A

remoteuser(theremoteadministrator)interacts

onlywiththeRAS,notthe

back‐endserveranddatabase.

RADIUSauthenticationconsistsofthefollowingcomponents:

 AprotocolwithaframeformatthatutilizesUDPoverIP(basedonRFC2138

and2866)

 Acentralizedserverthatstoresalltheuserauthorizationinformation

 Aclient,inthiscase,theswitch

TheCN4093—actingastheRADIUSclient—communicatestotheRADIUSserver

toauthenticateandauthorizearemote administratorusingtheprotocoldefinitions

specifiedinRFC2138and2866.TransactionsbetweentheclientandtheRADIUS

serverareauthenticatedusingasharedkeythatisnot

sentoverthenetwork.In

addition,theremoteadministratorpasswordsaresentencryptedbetweenthe

RADIUSclient(theswitch)andtheback‐endRADIUSserver.

How RADIUS Authentication Works

1. Remoteadministratorconnectstotheswitchandprovidesusernameand

password.

2. UsingAuthentication/Authorizationprotocol,theswitchsendsrequestto

authenticationserver.

3. AuthenticationservercheckstherequestagainsttheuserIDdatabase.

4. UsingRADIUSprotocol,theauthenticationserverinstructstheswitchtograntor

denyadministrativeaccess.

Lenovo Flex System Fabric CN4093 User Manual

Other manuals for Lenovo Flex System Fabric CN4093