Product specifications

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface

141

142

143

144

145

146

147

148

149

150

Efficient Networks

Router family

Technical Reference Guide

Chapter 5: System Security

Efficient Networks

Page 5-11

Once the RADIUS server receives the request, it validates the RADIUS client that

sent the request. A request from a client for which the RADIUS server does not have

a shared secret is discarded. If the client is valid, the RADIUS server consults a

database of users to find the user whose name matches the request. The user entry

in the database contains the required elements for authentication including the

usename, password, access and management privileges.

Client-Server Security

Transactions between the client and server are authenticated through the use of a

shared secret, which is never sent over the network. In addition, any user passwords

are sent encrypted between the client and RADIUS server, to further secure account

passwords.

Radius Client Configuration Procedures

The following paragraphs describe the procedures to configure the RADIUS client

through the command line interface. The RADIUS client is a key-enabled feature and

is not available without a valid key. For more information on adding a key, see “Key

Enabled Features” on page 4-29.

For RADIUS client configuration via the WMI, see “User Lookup Configuration” on

page 8-22.

Secret Configuration

The RADIUS client is authenticated by a RADIUS server through a shared secret.

When configuring the shared secret:

• If multiple RADIUS Servers (a primary and secondary are supported) are

configured, one shared secret is required per server.

• On the command line the primary server is specified as ’1’ and the secondary

server is specified as ’2’. If the server is not specified, the command will, by

default, configure for the primary server.

• Only one shared secret (for primary or secondary server) can be set per

command.

• The shared secret’s composition is an ASCII string up to 64 characters.

• Secrets are never displayed in plain text format and are encrypted during

client-server transactions.

The following command will set the shared secret for the secondary server to noclues.

-> radius set secret 2 noclues

The following command displays the shared secret.

-> rad list secret