User's Manual
110
Chapter 9 Configuring RADIUS
This chapter describes the Remote Authentication Dial-In User Service (RADIUS) security system, defines its operation, and identifies appropriate and inappropriate network environments for using RADIUS technology. The "RADIUS Configuration Task List" section describes how to configure RADIUS with the authentication, authorization, and accounting (AAA) command set. The last section in this chapter, "RADIUS Configuration Examples", provides two examples. Refer to "RADIUS Configuration Commands" for more details on the RADIUS commands.
9.1 Overview
9.1.1 RADIUS Overview
RADIUS is a distributed client/server system that secures networks against unauthorized access. In this implementation, RADIUS clients run on SWITCHes and send authentication requests to a central RADIUS server that contains all user authentication and network service access information. RADIUS has been implemented in a variety of network environments that require high levels of security while maintaining network access for remote users.
Use RADIUS in the following network environments that require access security:
- Networks with multiple-vendor access servers, each supporting RADIUS. For example, access servers from several vendors use a single RADIUS server-based security database. In an IP-based network with multiple vendors' access servers, dial-in users are authenticated through a RADIUS server.
- Networks in which a user must only access a single service. Using RADIUS, you can control user access to a single host, to a single utility such as Telnet, or to a single protocol such as Point-to-Point Protocol (PPP). For example, when a user logs in, RADIUS identifies this user as having authorization to run PPP using IP address 10.2.3.4, and the defined access list is started.
- Networks that require resource accounting. You can use RADIUS accounting independent of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
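The start-of-service and end-of-service accounting records described above, as an added example in Python that is not part of this manual or of the SWITCH software: it builds an RFC 2866 Accounting-Request "Stop" record carrying the session time and byte counts, and shows the check a RADIUS server performs on the Request Authenticator (MD5 over the packet and the shared secret) before it trusts the record. The shared secret, session id and counters are constructed values.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RFC 2866 packet code
ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 40, 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
STATUS_START, STATUS_STOP = 1, 2  # Acct-Status-Type values for session start/end

def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs (1-byte type, 1-byte total length, value);
    integers become 32-bit big-endian, bytes are sent as-is."""
    out = b""
    for typ, val in attrs:
        raw = struct.pack("!I", val) if isinstance(val, int) else val
        out += bytes([typ, 2 + len(raw)]) + raw
    return out

def decode_attrs(body):
    """Walk the TLV list back into a {type: raw_value} dict, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(body):
        typ, ln = body[i], (body[i + 1] if i + 1 < len(body) else 0)
        if ln < 2 or i + ln > len(body):
            raise ValueError("malformed attribute length")
        attrs[typ] = body[i + 2:i + ln]
        i += ln
    return attrs

def build_accounting_request(ident, attrs, secret):
    """Client side: Request Authenticator = MD5(Code + ID + Length + 16 zero bytes + Attributes + Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return header + auth + body

def verify_accounting_request(pkt, secret):
    """Server side: recompute the authenticator with the shared secret; a mismatch means a forged or altered record."""
    header, auth, body = pkt[:4], pkt[4:20], pkt[20:]
    code, _ident, length = struct.unpack("!BBH", header)
    if code != ACCOUNTING_REQUEST or length != len(pkt):
        return False
    expected = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return hmac.compare_digest(auth, expected)

# Constructed sample: a Stop record closing a one-hour session (secret and session id are made up).
SECRET = b"example-shared-secret"
STOP_RECORD = build_accounting_request(7, [
    (ACCT_STATUS_TYPE, STATUS_STOP), (ACCT_SESSION_ID, b"0000A1B2"), (ACCT_SESSION_TIME, 3600),
    (ACCT_INPUT_OCTETS, 1_048_576), (ACCT_OUTPUT_OCTETS, 262_144)], SECRET)
```

A server that skips the authenticator check would accept accounting records from any host that can reach its UDP port, so the shared secret is what ties a record to a real SWITCH.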
RADIUS is not suitable in the following network security situations:
- RADIUS does not support the following protocols:
  - AppleTalk Remote Access (ARA)
  - NetBIOS Frame Control Protocol (NBFCP)
  - NetWare Asynchronous Services Interface (NASI)
  - X.25 PAD connections
- Situations where the SWITCH connects to other switching devices. RADIUS does not provide two-way authentication. When running RADIUS, only incoming call authentication is available on the SWITCH; outbound calls cannot be authenticated.
- Networks using a variety of services. RADIUS generally binds a user to one service model.