Table of Contents
Advertisement
RUGGEDCOM ROX II
CLI User Guide
Attribute
A RADIUS server may also be used to authenticate access on ports with IEEE 802.1x security enabled. When this is
required, the following attributes are sent by the RADIUS client to the RADIUS server:
Attribute
User-Name
NAS-IP-Address
Service-Type
Frame-MTU
a
EAP-Message
a
EAP-Message is an extension attribute for RADIUS, as defined by
Primary and secondary RADIUS servers, typically operating from a common database, can be configured for
redundancy. If the first server does not respond to an authentication request, the request will be forwarded to the
second server until a positive/negate acknowledgment is received.
NOTE
RADIUS authentication activity is logged to the authentication log file var/log/auth.log. Details
of each authentication including the time of occurrence, source and result are included. For more
information about the authentication log file, refer to
RUGGEDCOM ROX II supports RADIUS authentication for the LOGIN and PPP services. Different RADIUS servers can
be configured to authenticate both services separately or in combination.
The LOGIN services consist of the following access types:
• Local console logins via the serial port
• Remote shell logins via SSH and HTTPS
• Secure file transfers using HTTPS, SCP and SFTP (based on SSH)
Authentication requests for LOGIN services will attempt to use RADIUS first and any local authentication settings
will be ignored. Only when there is no response (positive/negative) from any of the configured RADIUS servers will
RUGGEDCOM ROX II authenticate users locally.
The PPP service represents incoming PPP connections via a modem. Authentication requests to the PPP service use
RADIUS only. In the event that no response is received from any configured RADIUS server, RUGGEDCOM ROX II
will not complete the authentication request.
CONTENTS
•
Section 6.7.3.1, "Configuring RADIUS Authentication for LOGIN Services"
•
Section 6.7.3.2, "Configuring RADIUS Authentication for PPP Services"
•
Section 6.7.3.3, "Configuring RADIUS Authentication for Switched Ethernet Ports"
Section 6.7.3.1
Configuring RADIUS Authentication for LOGIN Services
To configure RADIUS authentication for LOGIN services, do the following:
Configuring RADIUS Authentication for LOGIN Services
Value
String: RuggedCom
Value
{ The user name as derived from the client's EAP identity response }
{ The Network Access Server IP address }
2
1500
{ A message(s) received from the authenticating peer }
RFC 2869
[http://freeradius.org/rfc/rfc2869.html#EAP-Message].
Section 4.10.1, "Viewing
Chapter 6
Security
Logs".
139
Hide quick links:
Advertisement
Chapters
Table of Contents
