Table of Contents
Advertisement
54 Chapter 2 Configuring servers
If a valid class attribute is not returned, then PPTP users are placed in the default
group as configured on the Servers > RADIUS Auth window.
Configuring group-level RADIUS authentication
In remote access deployments, if you want to partition users across several
different RADIUS servers, the VPN Router can connect to the appropriate server
when authenticating a specific user. This group-level authentication is particularly
useful for large installations with many different databases, and for carriers that
have a business need to keep customer authentication domains separate.
To configure the group-level RADIUS authentication server for each group:
1
2
NN46110-600
Note: Everything about the authentication type must match; for
example, if you send an encrypted password, then MS-CHAP must be
enabled on the RADIUS authentication window and the RADIUS server
must support MS-CHAP.
Select Profiles > Groups > Edit > IPsec Configure.
Click the Configure Group Level RADIUS Servers link in the
Authentication section. You can configure the following:
•
A primary and two alternate RADIUS servers
•
IP address, interface, port, and secret
•
UserID suffix removal and delimiter value
•
Response Time out and Maximum Transmission Attempts
•
For user name/password authentication, the PAP/CHAP settings are
retrieved from the Servers > RADIUS Authentication Servers window.
Advertisement
Table of Contents
