RADIUS Authentication
Description
RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication system that supports remote-access applications. User profiles are kept in a central database on a RADIUS authentication server. Client computers or applications connect to the RADIUS server to authenticate users.
You can configure the 61000/41000 Security System to work as a RADIUS client. The 61000/41000 Security System does not include RADIUS server functionality. You can configure the 61000/41000 Security System to authenticate users even when they are not defined locally. See Configuring Non-local RADIUS Users.
You can configure your 61000/41000 Security System computer to connect to multiple RADIUS servers. If the first server in the list is unavailable, the system tries the next RADIUS server in the priority list. You can delete a server at any time.
To set the 61000/41000 Security System as a RADIUS client:
Use the aaa radius-servers commands to add, configure, and delete RADIUS authentication servers.
To configure RADIUS for use in a single authentication profile:
add aaa radius-servers priority VALUE host VALUE [ port VALUE ] prompt-secret timeout VALUE
add aaa radius-servers priority VALUE host VALUE [ port VALUE ] secret VALUE timeout VALUE
Example: Adding a new RADIUS server 1.1.1.1 that listens on port 1812:
add aaa radius-servers priority 1 host 1.1.1.1 port 1812 prompt-secret timeout 3
To delete a RADIUS configuration:
delete aaa radius-servers priority VALUE
To change the configuration of a RADIUS entry:
set aaa radius-servers priority VALUE host VALUE
set aaa radius-servers priority VALUE new-priority VALUE
set aaa radius-servers priority VALUE port VALUE
set aaa radius-servers priority VALUE prompt-secret
set aaa radius-servers priority VALUE secret VALUE
set aaa radius-servers priority VALUE timeout VALUE
Note: The configuration is done according to the priority, not the server ID or name.
To view a list of all servers associated with an authentication profile:
show aaa radius-servers list
To view the RADIUS server configuration:
show aaa radius-servers priority VALUE host
show aaa radius-servers priority VALUE port
show aaa radius-servers priority VALUE timeout
Parameters:
| Parameter | Description |
|---|---|
| priority | RADIUS server priority as an integer between 0 and 999 (default=0). When there are two or more RADIUS servers, Gaia connects to the server with the highest priority. Lower numbers have higher priority. |
| new-priority | New RADIUS server priority as an integer between 0 and 999 (default=0). When there are two or more RADIUS servers, Gaia connects to the server with the highest priority. Lower numbers have higher priority. |
| host | RADIUS server IP address in dot-delimited format. |
| port | UDP port on the RADIUS server. This value must match the port as configured on the RADIUS server. Typically this is 1812 (default) or 1645 (non-standard but a commonly used alternative). |
| prompt-secret | Shared secret (password) text string. The system prompts you to enter the value. |
| timeout | The number of seconds to wait for the server to respond. The default value is 3 seconds. |
| secret | The shared secret used to authenticate the RADIUS server and the local client. You must define this value on your RADIUS server. |

Note: After RADIUS client configuration, any authentication request will be forwarded to the RADIUS server. As a result, every account that is configured locally should be configured on the RADIUS server as well.