
Configuring RADIUS
1-6
308640-15.1 Rev 00
The client can also support a primary server, which is the original destination
server, and an alternate server, which is a server that the client contacts if it
cannot reach the primary server.
RADIUS Authentication
You configure RADIUS authentication on a slot-by-slot basis. Therefore, a call
designated for a RADIUS-configured slot can perform authentication. You can
also configure a slot for authentication even if the router is already using that slot
for a dial-up service. This includes dial-up services for both:
• Unnumbered IP addresses (demand circuit groups). For more information, see
“Using IP and IPX Unnumbered Protocols for PPP Connections” on page 1-8.
• Numbered IP addresses (dial-on-demand, dial backup, and
bandwidth-on-demand). For more information, see “Using RADIUS with a
Dial Service” on page 1-8.
When a remote user calls the RADIUS client, the client passes the call request,
referred to as the access challenge, to the RADIUS server. The access challenge
contains the user’s name and password. The server verifies the user’s identity and,
for authorized callers, responds with an access accept message, which includes
the required access information. This information is sent to the client, which
passes it to the remote user. If the remote user is not authorized, the server
responds with an access reject message.
The client can pass multiple requests to the server simultaneously. If the client
cannot reach the server, and you configured an alternate server, the client passes
the request to the alternate server.
The authentication process occurs only once for each call. Once RADIUS
authentication is complete, the remote user can communicate with the destination
network.
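The exchange described above, as an added example that is not taken from the Nortel manual or router software: a minimal client builds the request the manual calls the access challenge (an Access-Request, code 1, in RFC 2865), tries the primary server and then the alternate, and acts only on a reply whose Response Authenticator verifies against the shared secret. The server list, the shared secret and the `send` hook are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes

def hide_password(password, secret, authenticator):
    """RFC 2865 sec. 5.2: pad to 16-byte blocks, XOR with a chained MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(attr_type, value):  # type, length, value; 1 = User-Name, 2 = User-Password
    return bytes([attr_type, len(value) + 2]) + value

def build_request(user, password, secret, ident, authenticator):
    attrs = attr(1, user) + attr(2, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def verify_reply(reply, request, secret):
    """Return the reply code only if identifier and Response Authenticator match."""
    if len(reply) < 20 or reply[1] != request[1]:
        return None
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return None
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] if hmac.compare_digest(expected, reply[4:20]) else None

def udp_send(server, packet, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, server)
        return sock.recvfrom(4096)[0]

def authenticate(user, password, secret, servers, send=udp_send):
    """Try each server in order (primary first); return (server, code) or (None, None)."""
    request = build_request(user, password, secret, os.urandom(1)[0], os.urandom(16))
    for server in servers:
        try:
            code = verify_reply(send(server, request), request, secret)
        except OSError:  # timeout or unreachable: move on to the alternate
            continue
        if code in (ACCESS_ACCEPT, ACCESS_REJECT):
            return server, code
    return None, None
```

A reply that fails verification is treated like an unreachable server, so a forged access accept never authorizes the caller.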
Using SecurID for RADIUS Authentication
For the highest level of protection from unauthorized users, you can use SecurID*
for RADIUS authentication. Nortel Networks implements SecurID on ARN
routers, which operate as RADIUS clients.