Owner's Manual
Chapter 17. Security | 481
NETGEAR 8800 User Manual
The key components of the example above are the MAC address, password (which is set to
the MAC address), attributes, and NETGEAR VSAs. For simple authentication, you only
need to enter the MAC address (00040D9D12AF in this example) and a password as
described in the RADIUS server documentation.
Enter the attributes for each user and separate them from the others with commas as
described in the RADIUS server documentation.
In the example above, the Session-Timeout and Termination-Action attributes are examples
of standard RADIUS attributes, and these are described in
Standard RADIUS Attributes Used
by NETGEAR Switches on page 481. The NETGEAR-Security-Profile and
NETGEAR-Netlogin-Vlan attributes are examples of NETGEAR VSAs and are described in
NETGEAR VSAs on page 483.
Standard RADIUS Attributes Used by NETGEAR Switches
The XCM8800 software uses standard RADIUS attributes to send information in an
Access-Request message to a RADIUS server. The software also accepts some standard
RADIUS attributes in the Access-Accept message that the RADIUS server sends to the
switch after successful authentication. The switch ignores attributes that it is not programmed
to use.
Table 50 lists the standard RADIUS attributes used by the XCM8800 software.
Table 50. Standard RADIUS Attributes Used by Network Login
Attribute RFC Attribute
Type
Format Sent-in Description
User-Name RFC 2138 1 String Access-Request Specifies a user name for
authentication.
Calling-Station-ID RFC 2865 31 String Access-Request Identifies the phone number
for the supplicant requesting
authentication.
EAP-Message RFC 3579 79 String Access-Request,
Access-Challenge,
Access-Accept,
and Access Reject
Encapsulates EAP packets.
Login-IP-Host RFC 2138 14 Address Access-Request
and
Access-Accept
Specifies a host to log into
after successful
authentication.
Message-
Authenticator
RFC 3579 80 String Access-Request,
Access-Challenge,
Access-Accept,
and Access Reject
Contains a hash of the entire
message that is used to
authenticate the message.
NAS-Port-Type RFC 2865 61 Integer Access-Request Identifies the port type for the
port through which
authentication is requested.