Managing Access Server Security
Managing RADIUS
Introduction
A RADIUS server must be operational on the network. The RADIUS server can
include accounting capability, but the RADIUS accounting can be in a separate
server, on a different node. In addition, there can be multiple RADIUS servers on
the network, and RADIUS provides a method for using a second server should
the attempt with the first server result in no response.
A node that has the RADIUS server is considered an authentication host. A node
that has a RADIUS accounting server is considered an accounting host.
RADIUS security involves the definition on the access server of one or more
RADIUS realms. A realm is an administrative domain for the purpose of
authentication, which can supply default values for many attributes associated
with RADIUS access and usage. Each RADIUS realm points to its own associated
RADIUS authenticating host and accounting host.
Minimal Setup for RADIUS
The minimal configuration requires the following commands to set up the remote
ports used for communication with the RADIUS server(s). These features must be
assigned in order for any communication with a RADIUS server or a RADIUS
accounting server to take place.
The following example shows the commands used to set up RADIUS security:
Local> CHANGE RADIUS REALM JONAS.COM
This command defines/initializes a new RADIUS realm.
Local> CHANGE RADIUS REALM JONAS.COM AUTHEN HOST ip-addr
This command defines the RADIUS server authentication node.
Local> CHANGE RADIUS REALM JONAS.COM SECRET "secret_string"
Variables
Words in examples in italics indicate user-supplied variables. In this case, the
variable JONAS.COM is the name of the specific realm on which you want to
perform this action.