RuggedCom RUGGEDBACKBONE RX5000 - 10. Authentication

ROX™ v2.2 User Guide 114 RuggedBackbone™ RX5000
10. Authentication
The Authentication menu is accessible from the main menu under admin. The path to this menu is
admin/authentication.
Figure 10.1. Authentication menu
10.1. RADIUS
RADIUS (Remote Authentication Dial In User Service) is used to provide centralized authentication and
authorization for network access. ROX™ assigns a privilege level of Admin, Operator or Guest to a
user who presents a valid user name and password. The number of users who can access the ROX™
server is ordinarily dependent on the number of user records which can be configured on the server
itself. ROX™ can also, however, be configured to pass along the credentials provided by the user to
be remotely authenticated by a RADIUS server. In this way, a single RADIUS server can centrally store
user data and provide authentication and authorization service to multiple ROX™ servers needing to
authenticate connection attempts.
10.1.1. RADIUS overview
RADIUS (described in RFC 2865 [http://tools.ietf.org/html/rfc2865]) is a UDP-based protocol used for
carrying authentication, authorization, and configuration information between a Network Access Server
which desires to authenticate its links and a shared Authentication Server. RADIUS is also widely used
in conjunction with 802.1x for port security using EAP (the Extensible Authentication Protocol, described
in RFC 3748 [http://tools.ietf.org/html/rfc3748]). Refer to Chapter 21, Port Security for configuration
details in ROX™.
A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication
servers.
On receiving an authentication-authorization request from a client in an “Access-Request” packet, the
RADIUS server checks the conditions configured for the received username-password combination in the
user database. If all the conditions are met, the list of configuration values for the user is placed into
an “Access-Accept” packet. These values include the type of service (e.g. PPP, Login) and all the
necessary values to deliver the desired service.
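The Access-Request/Access-Accept exchange described above, as an added Python example (not code from the ROX™ guide or from RuggedCom). It follows RFC 2865: the NAS hides the User-Password attribute with the shared secret and accepts a reply only if its Response Authenticator verifies. The shared secret, identifier and authenticator values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2        # RFC 2865 packet code
SERVICE_TYPE = 6         # RFC 2865 attribute type; value 1 means Login

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865, 5.2): XOR 16-byte blocks with MD5 output."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_accept(ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def parse_attrs(data: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 2 or not 2 <= data[pos + 1] <= len(data) - pos:
            raise ValueError("malformed attribute")
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]
    return attrs

def verify_reply(reply: bytes, ident: int, request_auth: bytes, secret: bytes) -> dict:
    """NAS side: accept a reply only if it matches our request and shared secret."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply) or reply_id != ident:
        raise ValueError("length or identifier mismatch")
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator")
    return {"code": code, "attrs": parse_attrs(reply[20:])}

# Constructed sample values, not taken from the manual.
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))
ACCEPT = build_accept(7, REQ_AUTH, attr(SERVICE_TYPE, struct.pack("!I", 1)), SECRET)
```

A reply built with a different secret, or altered in transit, fails `verify_reply` before any attribute is trusted.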
10.1.2. RADIUS Usage
The typical mode of operation involves a Network Access Server (NAS) - in this case the ROX™ - and
a remote RADIUS server, where account information is stored. In the course of attempting to access
connection-oriented services on the NAS, a user presents credentials to the NAS for authentication. The
NAS forwards these to a configured RADIUS server and accepts from it the determination of whether
the user is allowed the requested access. In order to protect the security of account information and of
