Radius Authentication - Avaya 8800 Planning And Engineering, Network Design

Network security
can build a full Layer 3 routed network and securely manage the switch with any of the in-band IP
addresses attached to any one of the VLANs (see the following figure).
Figure 143: Access levels
Avaya recommends that you use access policies for in-band management when securing access to
the switch. By default, all services are accessible by all networks.

RADIUS authentication

You can enforce access control by utilizing RADIUS (Remote Authentication Dial-in User Service).
RADIUS is designed to provide a high degree of security against unauthorized access and to
centralize the knowledge of security access based on a client/server architecture. The database
within the RADIUS server stores a list of pertinent information about client information, user
information, password, and access privileges including the use of the shared secret.
When the switch acts as a Network Access Server, it operates as a RADIUS client. The switch is
responsible for passing user information to the designated RADIUS servers. Because the switch
operates in a LAN environment, it allows user access through Telnet, rlogin, and Console logon.
You can configure a list of up to 10 RADIUS servers on the client. If the first server is unavailable,
the Avaya Ethernet Routing Switch 8800/8600 tries the second, and then attempts each server in
sequence until it establishes a successful connection.
You can use the RADIUS server as a proxy for stronger authentication (see the following figure),
such as:
• SecurID cards
June 2016 Planning and Engineering — Network Design
Comments on this document? infodev@avaya.com
282