Enterasys 6000 User Guide
Radius Configuration Screen
3-34
Accessing Local Management
3.9.1
Setting the Last Resort Authentication
The Radius client can be configured to use primary and secondary servers. If the primary server
does not respond within the specified number of retries during the specified time-out period, the
client will then attempt to authenticate using the secondary server. If the secondary server also
does not respond, then the client returns a time-out condition.
does not respond within the specified number of retries during the specified time-out period, the
client will then attempt to authenticate using the secondary server. If the secondary server also
does not respond, then the client returns a time-out condition.
The “last resort” platform action in case of Radius server time-out for both local and remote access
is selectable for each type of access:
is selectable for each type of access:
•
Local login via the COM port.
•
Remote login via a remote network TELNET connection.
3.9.2
Setting the Local and Remote Servers
Before setting the parameters, refer to
and
Radius Servers and Last Resort Authentication. To set the local and remote server, proceed as
follows:
follows:
1. Highlight the Timeout field and enter the maximum time in seconds to establish contact with
the Radius Server before timing out.
2. Highlight the Retries field and enter the desired maximum number of attempts (1…N) to contact
the Radius Server before timing out.
3. Highlight the Last-Resort Action/Local field and select ACCEPT, CHALLENGE, or
REJECT to allow local access at the super-user level with no further attempt at authentication;
revert local module to (legacy) passwords, or not allow local access.
revert local module to (legacy) passwords, or not allow local access.
4. Highlight the Last-Resort Action/Remote field select ACCEPT, CHALLENGE, or
REJECT to allow remote access at the super-user level with no further attempt at
authentication, revert remote module to (legacy) passwords, or not allow remote access,
respectively.
authentication, revert remote module to (legacy) passwords, or not allow remote access,
respectively.
5. Use the arrow keys to highlight the IP Address field and enter the IP address (in decimal-dot
format) of the primary and secondary servers being configured for the RADIUS function.
6. Highlight the Secret field and enter a secret string of characters or the primary and secondary
server (16 characters are recommended as per RFC 2865. The maximum is 32 characters).
7. Highlight the Auth Port field and enter the number of the Accounting UDP Port for the Primary
and Secondary server.
8. Use the arrow keys to highlight the SAVE command and press ENTER to save your settings.