- Enterasys Security Router User's Guide

VPN Configuration Overview

XSR User’s Guide 14-25

Authentication, Authorization and Accounting Configuration

The XSR’s AAA implementation handles all authentication, authorization and accounting of users

(Remote Access) and peer gateways (Site-to-Site). The components include:

• Usernames and passwords for authentication

• Associated group name for authorization of network services

• IP addressing, including:

– Virtual addresses from a local IP pool

– DNS (primary and secondary) for remote access clients

– WINS (primary and secondary) for remote access clients

• Encryption settings for PPTP remote access clients

• AAA per interface (for clients), for PPP, and debugging

• Configuration for standard RADIUS. In addition to all the necessary values for

communicating securely with a RADIUS server, the XSR permits specifying a backup RADIUS

server for authentication failover. Refer to the table below for supported attributes.

Table 14-2 XSR-Supported RADIUS Attributes

Authentication Accounting Vendor-Specific

User-Name (1) Acct‐Status‐Type(40) MSCHAPResponse(1)

User‐Password(2) Acct‐Input‐Octets(42) MSCHAPError(2

NAS‐IP‐Address(4) Acct‐Output‐Octets(43) MSCHAPDomain(10)

Framed‐IP‐Address(8) Acct‐Session‐Id(44) MSCHAPChallenge(11)

Framed‐IP‐Netmask(9) Acct‐Session‐Time(46) MSCHAPMPPEKeys(12)

Framed‐MTU(12) Acct‐Input‐Packets(47) MPPESendKey(16)

Reply‐Message

(18) Acct‐Output‐Packets(48) MPPEReceiveKey(17

Class(25) Acct‐Terminate‐Cause(49) MSCHAP2Response(25)

State(24) MSCHAP2Success(26)

Vendor‐Specific(26)

NAS‐Identifier(32)

NAS‐Port‐Type(61)

EAP‐Message(79

Message‐Authenticator(80)