RUGGEDCOM ROX II
User Guide
Chapter 4
System Administration
Managing RADIUS Authentication 213
Attribute Value
User-Password { password }
Service-Type 1
Vendor-Specific Vendor-ID: 15004
Type: 1
Length: 11
String: RuggedCom
A RADIUS server may also be used to authenticate access on ports with 802.1X security support. When this is
required, the following attributes are sent by the RADIUS client to the RADIUS server:
Attribute Value
User-Name { The username as derived from the client's EAP identity response }
NAS-IP-Address { The Network Access Server IP address }
Service-Type 2
Frame-MTU 1500
EAP-Message
a
{ A message(s) received from the authenticating peer }
a
EAP-Message is an extension attribute for RADIUS, as defined by RFC 2869.
Primary and secondary RADIUS servers, typically operating from a common database, can be configured for
redundancy. If the first server does not respond to an authentication request, the request will be forwarded to the
second server until a positive/negate acknowledgement is received.
NOTE
RADIUS authentication activity is logged to the authentication log file var/log/auth.log. Details
of each authentication including the time of occurence, source and result are included. For more
information about the authentication log file, refer to Section 3.9.1, “Viewing Logs”.
ROX II supports RADIUS authenticaton for the LOGIN and PPP services. Different RADIUS servers can be
configured to authenticate both services separately or in combination.
The LOGIN services consist of the following access types:
• Local console logins via the serial port
• Remote shell logins via SSH and HTTPS
• Secure file transfers using HTTPS, SCP and SFTP (based on SSH)
Authentication requests for LOGIN services will attempt to use RADIUS first and any local authentication settings
will be ignored. Only when there is no response (positive/negative) from any of the configured RADIUS servers
will ROX II authenticate users locally.
The PPP service represents incoming PPP connections via a modem. Authentication requests to the PPP service
use RADIUS only. In the event that no response is received from any configured RADIUS server, ROX II will not
complete the authentication request.
The following sections describe how to configure and manage RADIUS authentication:
• Section 4.8.1, “Configuring RADIUS Authentication for LOGIN Services”
• Section 4.8.2, “Configuring RADIUS Authentication for PPP Services”
• Section 4.8.3, “Configuring RADIUS Authentication for Switched Ethernet Ports”
To Next Page
Loading...
