Avaya Configuring RADIUS Manual de usuario Pagina 1

Part No. 303538-A Rev 00October 1998BayRS Version 13.00Site Manager Software Version 7.00 Configuring RADIUS

303538-A Rev 00xiTablesTable B-1. RADIUS Parameter Defaults ... B-1

303538-A Rev 00xiii PrefaceThis guide describes Remote Authentication Dial-In User Service (RADIUS) and what you do to start and customize RADIUS on a

Configuring RADIUSxiv303538-A Rev 00Text ConventionsThis guide uses the following text conventions:bold textIndicates text that you need to enter and

Preface303538-A Rev 00xv AcronymsCHAP Challenge Handshake Authentication ProtocolIP Internet ProtocolIPX Internet Packet ExchangeIPXWAN Internet Packe

Configuring RADIUSxvi303538-A Rev 00Bay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release notes free, direct

303538-A Rev 001-1 Chapter 1Starting RADIUSRemote Authentication Dial-In User Service (RADIUS) defines a method of centralizing authentication and acc

Configuring RADIUS1-2303538-A Rev 00The steps that instruct you to set a parameter value are followed by a box that includes the Site Manager paramete

Starting RADIUS303538-A Rev 001-3 Enabling RADIUSTo enable RADIUS accounting or authentication, begin at the Configuration Manager window:1.Select Pro

ii303538-A Rev 004401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821Copyright © 1998 Bay Networks, Inc.All rights res

Configuring RADIUS1-4303538-A Rev 00Figure 1-2. RADIUS Client Configuration WindowThe RADIUS Client Configuration Window for an ASN router looks diffe

Starting RADIUS303538-A Rev 001-5 3.Select Authentication, Accounting, or Both to enable both services.If the router is already using a slot for dial-

Configuring RADIUS1-6303538-A Rev 00Figure 1-5. Sync Line Media Type WindowFigure 1-6. Async Line Media Type WindowClick on OK to accept the line medi

Starting RADIUS303538-A Rev 001-7 • To configure an ISDN line for RADIUS, click on an ISDN, MCT1, or MCE1 connector.Site Manager displays the ISDN Swi

Configuring RADIUS1-8303538-A Rev 00Site Manager adds the letters DR to the connector’s name to designate it as a RADIUS interface.5.Keep the RADIUS C

Starting RADIUS303538-A Rev 001-9 Specifying the Primary Server’s IP AddressTo enable RADIUS, you must specify the IP address of the RADIUS server. Th

Configuring RADIUS1-10303538-A Rev 00Figure 1-10. RADIUS Server Configuration Window5.Click on Done to accept the parameter defaults.You return to the

Starting RADIUS303538-A Rev 001-11 Selecting a Protocol for RADIUS AuthenticationFor RADIUS authentication, you must select a protocol. Once you selec

Configuring RADIUS1-12303538-A Rev 00Figure 1-12. RADIUS Dial_In Protocol Window3.Select Enable for the protocol you want to use, then click on OK.Ref

Starting RADIUS303538-A Rev 001-13 If your network uses a combination of leased lines and dial-up lines (for example, using dial backup service to sup

303538-A Rev 00iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the accom

303538-A Rev 002-1 Chapter 2RADIUS OverviewRemote access is a rapidly growing segment of the networking industry. Users in branch offices, sales peopl

Configuring RADIUS2-2303538-A Rev 00RADIUS authentication lets you identify remote users before you give them access to a central network site. RADIUS

RADIUS Overview303538-A Rev 002-3 RADIUS AuthenticationYou configure RADIUS authentication on a slot-by-slot basis. Therefore, a call designated for a

Configuring RADIUS2-4303538-A Rev 00Using IP and IPX Unnumbered Protocols for PPP ConnectionsThe RADIUS client supports only IP and IPX unnumbered int

RADIUS Overview303538-A Rev 002-5 Configuring the Remote User to Work with the RADIUS ClientIn most RADIUS networks, the remote user is a router. To e

Configuring RADIUS2-6303538-A Rev 00RADIUS AccountingYou configure RADIUS accounting on a slot-by-slot basis. Therefore, a call designated for a RADIU

RADIUS Overview303538-A Rev 002-7 Using RADIUS-Compatible Servers with the RADIUS ClientThe Bay Networks RADIUS client can communicate with any RADIUS

Configuring RADIUS2-8303538-A Rev 00For More InformationRefer to the following sources for more information about RADIUS:Aboba, B., Zorn, G. “RADIUS C

303538-A Rev 003-1 Chapter 3Customizing the RADIUS Client ConfigurationThis chapter describes the changes you can make to the RADIUS client’s configur

iv303538-A Rev 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, d

Configuring RADIUS3-2303538-A Rev 002.Enter a new IP address for the Client IP Address parameter.3.Click on Done to return to the Configuration Manage

Customizing the RADIUS Client Configuration303538-A Rev 003-3 Modifying the Protocol for RADIUS AuthenticationTo modify the unnumbered protocol for RA

Configuring RADIUS3-4303538-A Rev 00Figure 3-3. RADIUS Dial_In Protocol Window4.Set the enabled protocol to Disable, and set the protocol you want to

Customizing the RADIUS Client Configuration303538-A Rev 003-5 If the remote site is using dial optimized routing, click on OK. Site Manager automatica

Configuring RADIUS3-6303538-A Rev 00Modifying the PPP Authentication ProtocolThe remote user identifies itself to the server using one of the PPP auth

Customizing the RADIUS Client Configuration303538-A Rev 003-7 Figure 3-6. PPP Line Lists Window3.Select PAPAUTH as the value for the Local Authenticat

Configuring RADIUS3-8303538-A Rev 00Removing RADIUS Authentication and AccountingTo remove RADIUS authentication and accounting from a slot, begin at

303538-A Rev 004-1 Chapter 4Customizing the RADIUS Server ConfigurationThis chapter explains how to modify the RADIUS server configuration. The server

Configuring RADIUS4-2303538-A Rev 00Figure 4-1. RADIUS Server Configuration Window2.Enter a new password, then click on Apply. 3.Click on Done to retu

Customizing the RADIUS Server Configuration303538-A Rev 004-3 Modifying the Server ModeThe server mode tells the client how the server is configured.

303538-A Rev 00vContentsPrefaceBefore You Begin ...

Configuring RADIUS4-4303538-A Rev 00Modifying the Server Response TimeWhen the client sends an accounting or authentication request to the server, you

Customizing the RADIUS Server Configuration303538-A Rev 004-5 Configuring Alternate ServersIn addition to the primary server, you can configure one or

Configuring RADIUS4-6303538-A Rev 00Figure 4-3. Alternate Server Address Window3.Enter the IP address of the alternate RADIUS server.4.Enter a passwor

Customizing the RADIUS Server Configuration303538-A Rev 004-7 Reconnecting to the Primary ServerIf the primary server fails, you can instruct the clie

Configuring RADIUS4-8303538-A Rev 00Removing a Server EntryTo remove a server entry from the RADIUS configuration, begin at the Configuration Manager

303538-A Rev 00A-1 Appendix ARADIUS ParametersThis appendix describes each of the RADIUS parameters. Each description includes the path of Site Manage

Configuring RADIUSA-2303538-A Rev 00Server Configuration ParametersParameter: Server IP AddressPath: Protocols > Global Protocols > RADIUS >

RADIUS Parameters303538-A Rev 00A-3 Parameter: Auth. UDP PortPath: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 1645Options:

Configuring RADIUSA-4303538-A Rev 00Parameter: Response Timeout (seconds)Path: Protocols > Global Protocols > RADIUS > Edit ServerDefault: 3O

RADIUS Parameters303538-A Rev 00A-5 Protocol Parameters for RADIUS AuthenticationThese protocols are only for RADIUS authentication.Parameter: Slot Nu

vi303538-A Rev 00Chapter 3 Customizing the RADIUS Client ConfigurationModifying the Client’s IP Address ...

Configuring RADIUSA-6303538-A Rev 00Parameter: OSPF EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol >

RADIUS Parameters303538-A Rev 00A-7 Parameter: Bridge EnablePath: Protocols > Global Protocols > RADIUS > Edit RADIUS > Dial-In Protocol &

303538-A Rev 00B-1 Appendix BRADIUS Parameter DefaultsTable B-1 lists the default settings for the RADIUS parameters.Table B-1. RADIUS Parameter Defau

303538-A Rev 00C-1 Appendix CConfiguration ExamplesThis appendix provides the following configuration examples for a router acting as a RADIUS client:

Configuring RADIUSC-2303538-A Rev 00Configuring RADIUS AuthenticationThis example explains how to configure the router as a RADIUS authentication clie

Configuration Examples303538-A Rev 00C-3 Enable RADIUS AuthenticationTo enable RADIUS authentication, begin at the Configuration Manager window:1.Sele

Configuring RADIUSC-4303538-A Rev 00Select IPFrom the RADIUS Client Configuration window:1.Click on Dial-In Protocol.Site Manager displays the RADIUS

Configuration Examples303538-A Rev 00C-5 Configuring RADIUS AccountingThis example explains how to configure the router as a RADIUS accounting client,

303538-A Rev 00viiCreate a Dial Backup Circuit ...C-7Enable RADIUS Acc

Configuring RADIUSC-6303538-A Rev 00Before You BeginBefore you begin, do the following:1.Create and save a configuration file with at least one PPP in

Configuration Examples303538-A Rev 00C-7 You return to the Backup Lines Definition window. The letter B (backup) appears next to the ISDN port to indi

Configuring RADIUSC-8303538-A Rev 00Enable RADIUS AccountingTo enable RADIUS accounting, begin at the Configuration Manager window:1.Select Protocols

Configuration Examples303538-A Rev 00C-9 Configuring RADIUS Accounting and AuthenticationThis example explains how to configure the router as a RADIUS

Configuring RADIUSC-10303538-A Rev 00Before You BeginBefore you begin, do the following:1.Create and save a configuration file with at least one Frame

Configuration Examples303538-A Rev 00C-11 10.Click on Done.You return to the RADIUS Client Configuration window.11.Keep this window open and go to the

303538-A Rev 00Index-1Aaccounting. See RADIUS, accounting, 2-6Acct. UDP Port parameter, A-3acronyms, xvalternate RADIUS servers, configuring, 2-7Auth.

Index-2303538-A Rev 00Maximum Message Retry, A-3OSPF Enable, A-6Response Timeout, A-4RIP Enable, A-5Server IP AddressServer Mode, A-2Server Reset Time

303538-A Rev 00ixFiguresFigure 1-1. Configuration Manager Window ................1-3Figure 1-2. RADIUS