RADIUS Security ManagementML700 User Manual 12-15RADIUSRemote Authentication Dial-In User Service (RADIUS) is a distributed client/server systemthat centralizes control of device access. If RADIUS is used, all user profiles and accesslimits to the ML devices can be managed via the RADIUS server. The ML devices serve asclients which send authentication requests to a central RADIUS server.NOTE: The Radius option can be configured on an ML level (as described in this section) or for allselected MLs through the Group menu, Radius option.It is recommended to use RADIUS in the following network environments: Networks with multiple-vendor access servers Networks already using RADIUS Networks in which a user must only access a single service Networks that require resource accounting Networks with dynamic group of users (no need to set changes in the group on all NEsbut only in one location)From R6.0 and higher, RADIUS on ML supports: PAP (Password Authentication Protocol). (CHAP (Challenge Handshake AuthenticationProtocol) is not supported, where CHAP messages are discarded by the system.) Authentication only (RFC 2865). All account messages (supported in RFC2866) arediscarded by the system.Configuring for RADIUS OperationIn order for the ML to be secured with the RADIUS server, two types of operations arerequired: Configure the ML NE (as a Radius client) with the RADIUS server address and with therelevant communication parameters. See Configuring RADIUS on ML (on page 12-16). Configure the Radius Server to respond with a Message (on page 12-18) which providesService-Type (on page 12-19) (Parameter ID #6) with values 1, 7 or 6 - for read, writeand admin user accordingly.Authentication of user upon TL1 login is processed by checking for: record availability for specified UserID (name); matching of typed and registered (stored encrypted) password; checking for the UserID privileges (read only, read-write, or full admin access) idle session timeout (to close the session between ML and TL1 (MAV) agentautomatically if no activities detected).