Cabletron Systems CyberSWITCH CSX150 User Manual

Also see for CyberSWITCH CSX150: User guide Quick start guide

Contents

Small Office Remote Access Switch 163CONFIGURING O FF - NODE S ERVER I NFORMATIONRADIUS Authentication ServerRADIUS A UTHENTICATION SERVER CONFIGURATION E LEMENTSIP A DDRESSThe IP address in dotted decimal notation for the RADIUS Server. This information is required forthe Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If aSecondary RADIUS Server is configured, it must have a different IP address than the PrimaryRADIUS Server.S HARED S ECRETThe shared secret can be 1 to 16 characters in length. Any ASCII character may be used. The sameshared secret is configured on the CyberSWITCH and the RADIUS Server. It is used for securitypurposes. As opposed to a password, a shared secret is not sent across lines, and therefore is notsusceptible to interception. Instead, a calculation is done on the packets transmitted between thetwo devices, and the results are compared to the shared secret for validation. The shared secretbetween the CyberSWITCH and the selected server secures the access to both devices. Both devicesmust know the shared secret before any exchange of information can take place. If the calculation’sresults do not match the shared secret, the connection is terminated.The RADIUS maintains a list of all the system’s services, which includes an entry for each System’sIP address and associated shared secret.UDP PORT NUMBERThe UDP port number used by the RADIUS Server. This information is required for the PrimaryRADIUS Server, and also required if a Secondary RADIUS Server is configured. The default valueof 1645 is almost always used.NUMBER OF ACCESS REQUEST RETRIESThe number of Access Request Retries that the system will send to the RADIUS Server. The initialdefault value is 3. The acceptable range is from 0 to 32,767.TIME BETWEEN ACCESS REQUEST RETRIESThe time between Access Request Retries sent from the system. The initial default value is 1. Theacceptable range is from 1 to 10,000.RADIUS A UTHENTICATION SERVER BACKGROUND I NFORMATIONIf you require a central database for device authentication (capable of servicing severalCyberSWITCHes), you can use an industry standard authentication server. The RemoteAuthentication Dial-In User Service (RADIUS) serves this purpose for both device level and devicelevel security on the CyberSWITCH. The RADIUS Server can also be used to authenticate anadministrative session.The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by theCyberSWITCH. RADIUS operates using two components: an authentication server and clientprotocols. The RADIUS Server software is installed on a UNIX-based system that is local to thenetwork. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,ultimately authenticating devices.The following is a typical scenario if the RADIUS Server is activated: when a remote device needsto be authenticated, the system will send an access request to the primary RADIUS Server. Afterthe configured time interval the system will send an access request retry if the primary server doesnot respond. After the configured number of retries, the system will request authentication