User Manual

Security Database Configuration
11-14
2 The SCS creates an Access-Request packet that includes the username/password pair, an identification string for the SCS, the port being used for the modem connection, the port type, and other information as needed (see Authentication Attributes in Appendix D for more information). The SCS then encrypts the password and sends the packet to the RADIUS authentication server.
Note: CHAP responses sent from the user’s PPP software to the SCS are not encrypted beyond what is inherent to the operation of CHAP.
3 The RADIUS authentication server decrypts the Access-Request packet and routes it to the appropriate security checking mechanism, such as a UNIX password file or Kerberos database. Based on the information returned from the security check, one of the following occurs:
A If authentication is successful, the server sends an authentication acknowledgement (Access-Accept) packet to the SCS. The packet may contain additional information about the user’s network system and connection requirements, such as the type of connection required and filtering information. The user is connected to a site or destination node if appropriate.
Note: See Appendix D, Supported RADIUS Attributes, for more information about using filters with RADIUS.
B If authentication fails, the server sends an Access-Reject packet to the SCS. The SCS will move on to the authentication method at the next precedence level, or terminate the connection if all methods have been tried.
C The server may be configured to send a challenge to the user after the user attempts to log in. If this is the case, the SCS will print the server’s challenge and prompt the user to enter a response. The user must respond to the challenge, at which time step 3 is repeated using the response in place of the password in the Access-Request packet.
Note: In order to respond to the challenge, the user must be in character mode, which precludes the use of PAP or CHAP for authenticating the user. See RADIUS and Sites on page 11-15.
To configure the SCS for RADIUS authentication, use the Set/Define Authentication RADIUS
commands.
Figure 11-30: Configuring the SCS to use RADIUS Authentication
Local>> DEFINE AUTHENTICATION RADIUS PRECEDENCE 5
Local>> DEFINE AUTHENTICATION RADIUS PRIMARY 192.0.1.77
Local>> DEFINE AUTHENTICATION RADIUS SECONDARY 192.0.1.78 PORT 1620
In the example above, the third command tells the SCS to use port 1620 on the secondary RADIUS authentication server rather than the default RADIUS authentication port (port 1645).
Note: See Set/Define Authentication RADIUS on page 12-159 for complete syntax and information.
The secret string configured for the SCS must match that of the RADIUS server being used for authentication.
Figure 11-31: Configuring the RADIUS Server
Local>> DEFINE AUTHENTICATION RADIUS SECRET "ok829dsnva1843qx"