
RADIUS Authentication

RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication system that supports remote-access applications. User profiles are kept in a central database on a RADIUS authentication server. Client computers or applications connect to the RADIUS server to authenticate users.

You can configure the 61000/41000 Security System to work as a RADIUS client. The 61000/41000 Security System does not include RADIUS server functionality. You can configure the 61000/41000 Security System to authenticate users even when they are not defined locally. See Configuring Non-local RADIUS Users.

You can configure your 61000/41000 Security System computer to connect to multiple RADIUS servers. If the first server in the list is unavailable, the system connects to the next RADIUS server in the priority list.

You can delete a server at any time.

To set the 61000/41000 Security System as a RADIUS client

Use the aaa radius-servers commands to add, configure, and delete RADIUS authentication servers.

To configure RADIUS for use in a single authentication profile:

> add aaa radius-servers priority <priority> host <host> [port <port>] prompt-secret timeout <timeout>
> add aaa radius-servers priority <priority> host <host> [port <port>] secret <secret> timeout <timeout>

Example: Adding a new RADIUS server 1.1.1.1 that listens on port 1812

> add aaa radius-servers priority 1 host 1.1.1.1 port 1812 prompt-secret timeout 3

To delete a RADIUS configuration:

> delete aaa radius-servers priority <priority>

To change the configuration of a RADIUS entry:

> set aaa radius-servers priority <priority> host <host>
> set aaa radius-servers priority <priority> new-priority <priority>
> set aaa radius-servers priority <priority> port <port>
> set aaa radius-servers priority <priority> prompt-secret
> set aaa radius-servers priority <priority> secret <secret>
> set aaa radius-servers priority <priority> timeout <timeout>

Note - The configuration is done according to the priority and not the server ID or name.

To see a list of all servers associated with an authentication profile:

> show aaa radius-servers list

To see the RADIUS server configuration:

> show aaa radius-servers priority <priority> host
> show aaa radius-servers priority <priority> port
> show aaa radius-servers priority <priority> timeout

Parameter           Description

priority <priority>
    RADIUS server priority as an integer between 0 and 999 (default=0). When there are two or more RADIUS servers, Gaia connects to the server with the highest priority. Lower numbers have higher priority.

new-priority <priority>
    New RADIUS server priority as an integer between 0 and 999 (default=0), with the same semantics as priority <priority>: when there are two or more RADIUS servers, Gaia connects to the server with the highest priority, and lower numbers have higher priority.

host <host>
    RADIUS server IP address in dot-delimited format.

port <port>
    UDP port on the RADIUS server. This value must match the port configured on the RADIUS server. Typically this is 1812 (default) or 1645 (non-standard but a commonly used alternative).

prompt-secret
    Shared secret (password) text string. The system prompts you to enter the value.

timeout <timeout>
    The number of seconds to wait for the server to respond. The default value is 3 seconds.

secret <secret>
    The shared secret used to authenticate the RADIUS server and the local client. You must define the same value on your RADIUS server.

Note - After RADIUS client configuration, every authentication request is forwarded to the RADIUS server. Therefore, every account that is configured locally must be configured on the RADIUS server as well.
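The following Python script is an added example, not part of this page and not Check Point's code. It models what the aaa radius-servers entries above set up: a client that walks its RADIUS servers lowest priority number first, gives up on an entry that does not answer within its timeout and falls through to the next one, and uses the shared secret both to hide User-Password in the Access-Request and to verify the Response Authenticator on the reply (RFC 2865). The 192.0.2.x hosts, the secrets, the user list, the in-memory transport and all function names (hide_password, authenticate, make_simulated_transport, demo) are constructed for this example.

```python
"""Model of a RADIUS client with priority-ordered failover (RFC 2865).
Constructed example; not the Gaia implementation. Hosts, secrets and users are made up."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def encode_attr(atype, value):
    # Type (1 byte), Length (1 byte, counts the 2-byte header), Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def parse_attrs(data):
    attrs, i = {}, 0
    while i + 2 <= len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2:                      # malformed attribute: stop rather than loop forever
            break
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs

def xor_chain(data, secret, request_auth, decrypt):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext block);
    # the first block is chained to the Request Authenticator
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out += res
        prev = block if decrypt else res
    return out

def hide_password(password, secret, request_auth):
    return xor_chain(password + b"\x00" * (-len(password) % 16), secret, request_auth, False)

def reveal_password(hidden, secret, request_auth):
    return xor_chain(hidden, secret, request_auth, True).rstrip(b"\x00")

def build_access_request(ident, username, password, secret, request_auth):
    attrs = (encode_attr(ATTR_USER_NAME, username)
             + encode_attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(code, ident, request_auth, secret, attrs=b""):
    # Server side: Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_response(response, request_auth, secret):
    # Client side: recompute the Response Authenticator; a mismatch means the client's secret
    # differs from the server's, or the reply was not produced by that server
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)

def authenticate(servers, username, password, transport):
    """Walk the servers lowest priority number first. transport(server, packet) returns the
    reply bytes or raises TimeoutError after the entry's timeout. Returns (host, accepted)."""
    for ident, srv in enumerate(sorted(servers, key=lambda s: s["priority"])):
        if not 0 <= srv["priority"] <= 999:
            raise ValueError("priority must be an integer between 0 and 999")
        request_auth = os.urandom(16)
        packet = build_access_request(ident, username, password, srv["secret"], request_auth)
        try:
            reply = transport(srv, packet)
        except TimeoutError:
            continue                      # unavailable: fall through to the next entry
        if not verify_response(reply, request_auth, srv["secret"]) or reply[1] != ident:
            continue                      # unverifiable reply is discarded, like a silent server
        return srv["host"], reply[0] == ACCESS_ACCEPT
    return None, False

def make_simulated_transport(server_state, users):
    """Constructed in-memory stand-in for UDP: server_state maps host -> that server's shared
    secret, or None if the server is down; users maps user name -> password on the server."""
    def transport(srv, packet):
        secret = server_state[srv["host"]]
        if secret is None:
            raise TimeoutError(f"no reply from {srv['host']} within {srv['timeout']}s")
        ident, request_auth, attrs = packet[1], packet[4:20], parse_attrs(packet[20:])
        # the server unhides User-Password with *its* secret; a mismatched secret yields garbage
        password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, request_auth)
        code = ACCESS_ACCEPT if users.get(attrs[ATTR_USER_NAME]) == password else ACCESS_REJECT
        return build_response(code, ident, request_auth, secret)
    return transport

SERVERS = [  # constructed entries mirroring 'add aaa radius-servers priority N host H port P ...'
    {"priority": 1, "host": "192.0.2.10", "port": 1812, "secret": b"s3cr3t", "timeout": 3},
    {"priority": 2, "host": "192.0.2.11", "port": 1812, "secret": b"s3cr3t", "timeout": 3},
]

def demo(primary_secret=None, secondary_secret=b"s3cr3t"):
    transport = make_simulated_transport({"192.0.2.10": primary_secret, "192.0.2.11": secondary_secret},
                                         {b"alice": b"correct horse battery staple"})
    return authenticate(SERVERS, b"alice", b"correct horse battery staple", transport)

if __name__ == "__main__":
    print(demo())                          # primary down -> ('192.0.2.11', True)
    print(demo(secondary_secret=b"x"))     # secret mismatch -> reply fails verification -> (None, False)
```

Two behaviours worth noting when running it: with the priority-1 host down, the priority-2 host answers and the login succeeds; with a secret that differs between client and server, the server cannot unhide the password and its reply fails the Response Authenticator check, so the client treats that server as if it had never answered. That is why the page insists the same secret be defined on the RADIUS server, and why a wrong secret looks like a timeout rather than an explicit error.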

Related Topics

Configuring Non-local RADIUS Users

Configuring Local Radius users (with specific role)

 
©2014 Check Point Software Technologies Ltd. All rights reserved.