Specifications

Chapter 5: Security Options
Shared Secret – Each RADIUS client-server pair must use a shared secret.
Treat this shared secret as a password, and ensure that it is not an
easily guessed word. Ensure that the shared secret is configured identically
on the RADIUS server.

Authentication Port – Specifies the UDP port number over which RADIUS
exchanges will take place. The default is 1812, the value used by most
modern RADIUS implementations.

Accounting Port – When RADIUS accounting is enabled, this value specifies
the UDP port number over which RADIUS accounting exchanges will take
place. The default is 1813, the value used by most modern RADIUS
implementations.

Num Retries – Specifies the number of times that the Alcatel switch will send
authentication requests without receiving a reply.

Timeout – Specifies how long, in seconds, the Alcatel switch will wait for a
response from the RADIUS server for each request sent.

Mode – Enables or disables use of this RADIUS server. A server may be
disabled, for example, when the server will be offline for maintenance.

The equivalent CLI configuration for the example above is:

    aaa radius-server "Auth2" host 192.168.24.2 key abc123
    authport 1812 acctport 1813 retransmit 3 timeout 5
    mode "enable"
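
The following is an added example, not part of the original manual or of the switch software: a Python check that parses the aaa radius-server line shown above and reports a shared secret that is short or easily guessed, as the sample key abc123 is. The 16-character minimum follows the preference stated in RFC 2865; the 80-bit threshold, the word list, and the assumption that the switch accepts a 32-character URL-safe key are this example's own.

```python
import math
import secrets
import shlex
import string

# Constructed sample: the CLI example from the page, joined onto one line.
SAMPLE = ('aaa radius-server "Auth2" host 192.168.24.2 key abc123 '
          'authport 1812 acctport 1813 retransmit 3 timeout 5 mode "enable"')

MIN_LENGTH = 16   # RFC 2865 prefers a secret of at least 16 octets
MIN_BITS = 80.0   # assumed local policy threshold, not a vendor requirement
COMMON = {"password", "secret", "radius", "admin", "abc123", "testing123"}  # assumed list
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def parse_radius_server(line):
    """Split an 'aaa radius-server' line into its name and keyword/value pairs."""
    tokens = shlex.split(line)  # shlex strips the quotes around "Auth2" and "enable"
    if tokens[:2] != ["aaa", "radius-server"] or len(tokens) % 2 == 0:
        raise ValueError("not a complete aaa radius-server line")
    cfg = dict(zip(tokens[3::2], tokens[4::2]))
    cfg["name"] = tokens[2]
    return cfg


def estimate_bits(secret):
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in secret))
    return len(secret) * math.log2(pool) if pool else 0.0


def audit(cfg):
    """Return findings for one parsed server entry; an empty list means it passes."""
    key, findings = cfg.get("key", ""), []
    if key.lower() in COMMON:
        findings.append("key is a well-known default or example value")
    if len(key) < MIN_LENGTH:
        findings.append(f"key has {len(key)} characters, minimum is {MIN_LENGTH}")
    if estimate_bits(key) < MIN_BITS:
        findings.append(f"key estimate of {estimate_bits(key):.0f} bits is below {MIN_BITS:.0f}")
    return findings


def new_shared_secret(nbytes=24):
    """Random 32-character secret; set the identical value on the RADIUS server."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    for finding in audit(parse_radius_server(SAMPLE)):
        print("FINDING:", finding)
```

The entropy figure is an upper bound based only on length and character classes, so a key that passes can still be weak if it is a predictable phrase; a value from new_shared_secret() avoids that.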

Server Rules

For each authentication server used by the system, a server rule may be
configured to specify how role and VLAN information is determined. Role and
VLAN determination may be done simply by specifying a default value per
authentication type, or the information may be learned from the authentication
server through a RADIUS attribute. Any attribute may be used – the server rule
specifies how that attribute is mapped into a role or VLAN. Server rules are
executed in order, and multiple server rules may be configured for each
authentication server. To add a new server rule, click the “Add” button.