Avaya 3.7 User Manual

Configuring remote access users
126 Avaya VPNmanager Configuration Guide Release 3.7
The RADIUS protocol
The RADIUS protocol is documented in an Internet Engineering Task Force (IETF) Request for 
Comments (RFC), specifically RFC 2058. 
Client/Server Model – A Network Access Server (NAS) operates as a client of RADIUS. 
The client is responsible for passing user information to designated RADIUS servers and 
then acting on the response that is returned. RADIUS servers are responsible for receiving 
user connection requests, authenticating the user, and then returning all configuration 
information necessary for the client to deliver service to the user. A RADIUS server can act 
as a proxy client to other RADIUS servers or other kinds of authentication servers.
Network Security – Transactions between the client and RADIUS server are 
authenticated through the use of a shared secret, which is never sent over the network. 
Additionally, user passwords are sent encrypted between the client and RADIUS server to 
eliminate the possibility that someone snooping on an unsecure network could determine 
a user’s password.
Flexible Authentication Mechanisms – The RADIUS server can support a variety of 
methods to authenticate a user; when given the user name and the original user 
password, it can support PPP, PAP or CHAP, UNIX login, and other authentication 
mechanisms, some of which include the use of cryptographically strong tokens. These 
tokens use a two-factor approach to authentication: the first is a Personal Identification 
Number (PIN); the second is a value taken from the token. An example of a two-factor 
authentication mechanism is the SecurID™ token card and ACE/Server AccessManager 
by RSA Security.
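The Network Security item above, worked through as an added example (not code from the Avaya guide or from any RADIUS product): the NAS hides the user password with an MD5 chain keyed by the shared secret, and checks the server's reply by recomputing its Response Authenticator, so the secret itself never appears in a packet. The function names and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

def hide_password(password, secret, request_auth):
    """NAS side: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def reveal_password(hidden, secret, request_auth):
    """Server side: rebuild the same MD5 chain from the secret it already holds."""
    if not hidden or len(hidden) % 16 or len(request_auth) != 16:
        raise ValueError("malformed User-Password value")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_response(packet, request_auth, secret):
    """NAS side: recompute the authenticator; reject truncated or altered replies."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    packet = packet[:length]  # octets beyond the Length field are padding
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, req_auth = b"example-shared-secret", bytes(range(16))
    hidden = hide_password(b"a-long-user-password", secret, req_auth)
    print(hidden.hex(), reveal_password(hidden, secret, req_auth))
    reply = build_response(2, 7, b"", req_auth, secret)  # code 2 = Access-Accept
    print(verify_response(reply, req_auth, secret), verify_response(reply, req_auth, b"wrong"))
```

Both checks depend only on the shared secret and on values visible on the wire, so the secret configured on the VSU and on the RADIUS server should be long and random.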
Some RADIUS server implementations use several files to manage the database of information 
needed to provide Client authentication. A number of these files must be modified to use the 
VSUs as an NAS within a RADIUS environment. 
Add (RADIUS/ACE server)
Authenticating (secret) password
Enter the authenticating password, then retype it to confirm.
RADIUS server data
IP Address - Enter the IP address of the RADIUS/ACE server.
UDP Port - Enter the UDP port of the server. The default value is 1645. Check your RADIUS 
server documentation to verify the value for this field.