Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH ユーザーズマニュアル

Implementation Notes for Specific RADIUS Servers

The following sections provide some implementation notes on specific RADIUS servers:

Cistron Radius is a popular server, distributed under GPL. Cistron Radius can be found at:

When you configure the Cistron server for use with NETGEAR switches, you must pay close 
attention to the users file setup. The Cistron Radius dictionary associates the word 
Administrative-User with Service-Type value 6, and expects the Service-Type entry to appear 
alone on one line with a leading tab character.

The following is a user file example for read-write access:

adminuser   Auth-Type = System

            Service-Type = Administrative-User,

            Filter-Id = “unlim”

For users of their RSA SecureID

®

 product, RSA offers RADIUS capability as part of their 

RSA/Ace Server

®

 server software. With some versions of Ace, the RADIUS shared-secret is 

incorrectly sent to the switch resulting in an inability to authenticate. As a work around, do not 
configure a shared-secret for RADIUS accounting and authentication servers on the switch. 

For users who have the Steel-Belted Radius (SBR) server from Juniper Networks, it is 
possible to limit the number of concurrent login sessions using the same user account. This 
feature allows the use of shared user accounts, but limits the number of simultaneous logins 
to a defined value. Using this feature requires Steel-Belted Radius for RADIUS authentication 
and accounting.

To limit the maximum concurrent login sessions under the same user account:

Configure RADIUS and RADIUS-Accounting on the switch.

The RADIUS and RADIUS-Accounting servers used for this feature must reside on the 
same physical RADIUS server. Standard RADIUS and RADIUS-Accounting configuration 
is required as described earlier in this chapter.

Modify the SBR vendor.ini file and user accounts.