Specifications
Security Options
Chapter 5
• CHAP
• UNIX Login
• Others
RADIUS authentication is based on the exchange of shared secrets between a
client and the authentication server. The client issues an Access Request
packet, which contains an encrypted shared secret.
The server checks whether it has a shared secret for the client; if not, the
packet is silently dropped. If it has a shared secret for the client, the shared
secret in the decrypted packet is compared to the shared secret stored on the
server.
When the server receives the packet, it decrypts the shared secret and
compares it to the shared secret for the requesting client stored on the
server.
The server may also validate other parameters, such as time of day, NAS, or
access ports, before it will authenticate the user.
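The Access-Request handling described above, as an added example (not code from this manual or the product). It follows RFC 2865, where the shared secret is not carried in the packet but keys the MD5-based hiding of the User-Password attribute; the client address, secret, and user table are constructed sample values.

```python
import hashlib
import hmac
import os

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: RFC 2865 section 5.2 User-Password hiding."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(1, -(-len(password) // 16)) * 16    # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev                                # each block chains into the next
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret stored for this client."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

# Constructed sample data (assumptions, not values from the manual)
CLIENT_SECRETS = {"192.0.2.10": b"switch-secret"}
USERS = {"alice": b"correct horse battery"}

def handle_access_request(src_ip, username, hidden, authenticator):
    secret = CLIENT_SECRETS.get(src_ip)
    if secret is None:
        return None                                # unknown client: silently dropped
    password = recover_password(hidden, secret, authenticator)
    expected = USERS.get(username)
    if expected is not None and hmac.compare_digest(password, expected):
        return "Access-Accept"
    return "Access-Reject"                         # wrong secret yields garbage here

if __name__ == "__main__":
    auth = os.urandom(16)                          # Request Authenticator
    good = hide_password(USERS["alice"], b"switch-secret", auth)
    bad = hide_password(USERS["alice"], b"wrong-secret", auth)
    print(handle_access_request("192.0.2.10", "alice", good, auth))
    print(handle_access_request("192.0.2.10", "alice", bad, auth))
    print(handle_access_request("198.51.100.7", "alice", good, auth))
```

A client configured with the wrong secret is rejected rather than dropped, because the server can only tell that the recovered password does not match.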
LDAP
LDAP (Lightweight Directory Access Protocol) is defined by RFC 1777 (1995).
It was originally designed at the University of Michigan to adapt a highly complex
directory system to the Internet. LDAP provides a means to access complex
directory structures to verify user name and password information for
authentication.
MAC
MAC authentication uses the MAC address of the client device to establish an
identity for authentication.
The actual authentication may be done by RADIUS, LDAP, or the Local Database
on the switch.
Supported VPN Clients
The following third-party VPN clients are supported in release 2.0.6 or higher:
• Microsoft Windows XP with built-in PPTP VPN and L2TP/IPSec support
• Microsoft Windows 2000 with built-in PPTP VPN and L2TP/IPSec support
• Microsoft Windows NT 4.0
• Microsoft Windows ME
• Microsoft Windows 98SE