
RADIUS Authentication

Description

RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication system that supports remote-access applications. User profiles are kept in a central database on a RADIUS authentication server. Client computers or applications connect to the RADIUS server to authenticate users.

You can configure the 61000/41000 Security System to work as a RADIUS client. The 61000/41000 Security System does not include RADIUS server functionality. You can configure the 61000/41000 Security System to authenticate users even when they are not defined locally. See Configuring Non-local RADIUS Users.

You can configure your 61000/41000 Security System to connect to multiple RADIUS servers.
If the first server in the priority list is unavailable, the client connects to the next RADIUS server in the list.
You can delete a server at any time.

To set the 61000/41000 Security System as a RADIUS client

Use the aaa radius-servers commands to add, configure, and delete RADIUS authentication servers.

To configure RADIUS for use in a single authentication profile:

add aaa radius-servers priority VALUE host VALUE [ port VALUE ] prompt-secret timeout VALUE
add aaa radius-servers priority VALUE host VALUE [ port VALUE ] secret VALUE timeout VALUE

Example: Adding a new RADIUS server 1.1.1.1, which listens on port 1812

add aaa radius-servers priority 1 host 1.1.1.1 port 1812 prompt-secret timeout 3

To delete a RADIUS configuration:

delete aaa radius-servers priority VALUE

To change the configuration of a RADIUS entry:

set aaa radius-servers priority VALUE host VALUE
set aaa radius-servers priority VALUE new-priority VALUE
set aaa radius-servers priority VALUE port VALUE
set aaa radius-servers priority VALUE prompt-secret
set aaa radius-servers priority VALUE secret VALUE
set aaa radius-servers priority VALUE timeout VALUE

Note: The configuration is done according to the priority and not the server ID or name.

To view a list of all servers associated with an authentication profile:

show aaa radius-servers list

To view the RADIUS server configuration:

show aaa radius-servers priority VALUE host
show aaa radius-servers priority VALUE port
show aaa radius-servers priority VALUE timeout

Parameters:

Parameter

Description

priority

RADIUS server priority as an integer between 0 and 999 (default=0). When there are two or more RADIUS servers, Gaia connects to the server with the highest priority. Lower numbers have higher priority.

new-priority

New RADIUS server priority as an integer between 0 and 999 (default=0). When there are two or more RADIUS servers, Gaia connects to the server with the highest priority. Lower numbers have higher priority.

host

RADIUS server IP address in dot-delimited format.

port

UDP port on the RADIUS server. This value must match the port configured on the RADIUS server. Typically this is 1812 (default) or 1645 (non-standard but a commonly used alternative).

prompt-secret

Shared secret (password) text string. The system prompts you to enter the value.

timeout

The number of seconds to wait for the server to respond. The default value is 3 seconds.

secret

The shared secret used to authenticate the RADIUS server and the local client. You must define this value on your RADIUS server.

Note: After the RADIUS client is configured, every authentication request is forwarded to the RADIUS server. As a result, every account that is configured locally should also be configured on the RADIUS server.
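The client behaviour these parameters describe, as an added Python example that is not Check Point's code: the priority-ordered failover list, and the role of the shared secret in hiding the User-Password inside an Access-Request and in letting the client verify that a reply really came from a server holding the same secret (RFC 2865). The function names, the sample secret and the sample user are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (RADIUS header is 20 bytes with the Authenticator)


def failover_order(servers):
    """Order configured servers the way the page describes: the entry with the
    lowest priority number is contacted first; the next is used only if it fails."""
    return sorted(servers, key=lambda s: s["priority"])


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding: pad to 16 bytes, XOR each block with
    MD5(secret + previous block), seeded with the 16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, user, password, secret, req_auth):
    """Client side: Access-Request carrying User-Name (1) and hidden User-Password (2)."""
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, req_auth))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def build_response(code, ident, attrs, req_auth, secret):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = HEADER.pack(code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, req_auth, secret):
    """Client side: return the reply code only if its Response Authenticator was
    computed with our shared secret and our Request Authenticator; else None."""
    if len(packet) < 20:
        return None
    code, ident, length = HEADER.unpack(packet[:4])
    if length != len(packet):
        return None
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return code if hmac.compare_digest(expected, packet[4:20]) else None
```

A reply that fails `verify_response` (wrong secret, or a forged packet) is treated as no reply, so the client falls through to the next entry in `failover_order` after the configured timeout.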

Related Topics

Configuring Non-local RADIUS Users

Configuring Local Radius users (with specific role)

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print