RUGGEDCOM ROS
User Guide
Chapter 4
System Administration
Managing RADIUS Authentication 127
• Section4.8.2, “Managing TACACS+ Authentication”
Section4.8.1
Managing RADIUS Authentication
RUGGEDCOM ROS can be configured to act as a RADIUS client and forward user credentials to a RADIUS (Remote
Authentication Dial In User Service) server for remote authentication and authorization.
RADIUS is a UDP-based protocol used for carrying authentication, authorization and configuration information
between a Network Access Server (NAS) that desires to authenticate its links and a shared authentication server. It
provides centralized authentication and authorization for network access.
RADIUS is also widely used in conjunction with the IEEE 802.1X standard for port security using the Extensible
Authentication Protocol (EAP).
NOTE
For more information about the RADIUS protocol, refer to RFC 2865.
For more information about the Extensible Authentication Protocol (EAP), refer to RFC 3748.
IMPORTANT!
RADIUS messages are sent as UDP messages. The switch and the RADIUS server must use the same
authentication and encryption key.
IMPORTANT!
RUGGEDCOM ROS supports both Protected Extensible Authentication Protocol (PEAP) and EAP-MD5.
PEAP is more secure and is recommended if available in the supplicant.
In a RADIUS access request, the following attributes and values are typically sent by the RADIUS client to the
RADIUS server:
Attribute Value
User-Name { Guest, Operator, Admin }
User-Password { password }
Service-Type 1
Vendor-Specific Vendor-ID: 15004
Type: 1
Length: 11
String: RuggedCom
A RADIUS server may also be used to authenticate access on ports with 802.1X security support. When this is
required, the following attributes are sent by the RADIUS client to the RADIUS server:
Attribute Value
User-Name { The username as derived from the client's EAP identity response }
NAS-IP-Address { The Network Access Server IP address }
Service-Type 2
Frame-MTU 1500
To Next Page
Loading...
Need help?
General
