Installation guide

ManualsBrandsAztech ManualsNetworking110

Quadro Manual II: Administrator's Guide Administrator's Menus

Quadro4x, 4xi, 4xa, 4xia, 4xs, 4xis, Quadro16x, 16xi, 16xa, 16xia, 16xs, 16xis; (SW Version 3.1.x) 76

RADIUS Client Settings

The RADIUS (Remote Authentication Dial In User Service) specifies the RADIUS protocol used for authentication and authorization, to differentiate,

to secure and to account for the users. The RADIUS Server gives an extra possibility for caller from/through Quadro to pass authentication to be able

to dial the specific number.

When RADIUS client is enabled on the Quadro, any caller that dials routing pattern with Authentication&Accounting option selected (see

Call

Routing

table), will primarily pass authentication locally, through Local AAA Table, and if local authentication failed, will pass additional

authentication on the RADIUS Server. This can be accomplished by caller’s number automatic detection or a customizable login prompt, where caller

is expected to enter username and password.

Transactions between the client and the RADIUS server are authenticated through the use of a shared Secret Key, which is never sent over the

network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone

snooping on an insecure network could determine a user's password. If no response from the RADIUS Server is returned after Receive Timeout

expires, the request is resent a number of times, defined in the Retry Count list. The client also can forward requests to an alternate server or servers

if the primary server is down or unreachable. An alternate server can be used after a number of failed tries to the primary server.

Once the RADIUS server receives the request, it determines if the sending client is valid. A request from a client that the RADIUS server does not

have a shared secret must be silently discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name

matches the request. The user entry in the database contains a list of requirements (username, password, etc.) that must be met to give access to

the user. If all conditions are met, the user gets access to the Quadro Network.

The RADIUS Client Settings page contains the Enable RADIUS Client checkbox that enables RADIUS client on the Quadro.

Please Note: RADIUS Client cannot be disabled if there is at least one route with Authentication&Accounting or Accounting value configured in

the AAA Required drop down list at the

Call Routing table. To be able to disable the RADIUS Client on the Quadro, appropriate routes should be

remove first.

The other RADIUS Client settings are divided into three groups:

1. Registration Settings

Primary Server requires the IP address of the primary Radius

Server.

Secondary Server requires the IP address of the secondary

Radius Server.

NAT Station IP text fields require the NAT PC WAN IP address. If

no NAT Station is specified here, Quadro’s IP address will be sent

to the RADIUS server.

Secret Key is used to insert the secret key between the Radius

client and the server. Contact the Radius server administrator to

get the secret key for your Quadro.

Confirm Secret Key field is used to verify the secret key. If the

entered Secret Key does not correspond to the one in the

Confirm Secret Key field, the error will appear: “The Secret Key

does not match. Please try again”.

Retry Count allows selecting the number of attempts before

canceling the registration.

Receive Timeout allows selecting the timeout (in seconds)

between two attempts to register.

Encoding Type allows selecting the encoding type (PAP or

CHAP) that should be unique on both the client and the server

sides for the establishment of a successful connection. Encoding

type also should be requested from the Radius Server

administrator.

The Authorization Port text field requires the port number on the

RADIUS server where Quadro will send the authentication

requests.

The Accounting Port text field requires the port number on the

RADIUS server where Quadro will send the accounting messages.

Fig. II-121: Radius Client Settings page

1. Authentication Settings

Enable common login for all users in time of by Phone authentication checkbox enables custom settings for the callers passed an authorization

by phone on the Quadro. Checkbox enables Username and Password text fields to insert the custom settings that will stand instead of source

caller’s settings when being delivered to the RADIUS server.

Authentication on Destination RADIUS Server parameters group is used to insert a Username and a Password (followed by the password

confirmation) used by PSTN callers to pass the authentication on to the RADIUS Server of the destination Quadro. If these fields are left empty, the

original authentication settings that PSTN users enter for authentication will be used.

3. Accounting Settings