Multitech MultiAccess MA30120 User Manual page 81

Communications server

The RADIUS protocol implements a client-to-server relationship. The server is most commonly software running
on a network computer (server or workstation), e.g. the IAS service on Windows 2003 or FreeRADIUS running on
Linux. The client is most commonly a communication appliance on the network (such as a remote access
server or VPN gateway). RADIUS uses UDP, part of the TCP/IP protocol suite, to communicate between client and server.
The RADIUS Client must be configured with the address of the RADIUS Server and the shared secret
(password) it is to use. In turn, the RADIUS Server is configured with a list of valid clients (listed in the server's
"clients" file), each with its associated shared secret.
When the client sends an authentication request, it encrypts the user's password with an encryption key
referred to as the "shared secret". The standard technique RADIUS uses for this is based on MD5. When the
server receives the authentication request, it determines the source address of the request packet
and checks whether that source is listed in its clients file. If so, it continues processing and decrypts the
user's password using the same shared secret. If the sender is not listed, the packet is ignored and the client
will not receive any response from the server. The authentication request contains the user's credentials
(advanced implementations may contain additional identifying attributes such as caller ID information). The server
compares the contents of the request against a pre-defined user entry contained in the server's "user" file (or
RADIUS database). The server then replies with an "accept" or "reject" packet (based on the
comparison). The RADIUS client acts accordingly upon receipt of the auth-accept or auth-reject packet.
What the client does upon receipt of a reject can vary. When the server sends an accept
packet, it includes a list of attributes that should be applied to the user (such as the user type, e.g. Framed PPP,
the IP address to use, how long to allow the connection, etc.). Upon receipt of an accept packet, the client
compares the contents against the current conditions, applies or provides any necessary parameters to the user
and allows the connection to proceed. At this time the RADIUS Client (if configured to do so) starts the RADIUS
Accounting process. The client sends an Accounting-Start packet (containing a summary of the user,
including resources used, e.g. starting time and date, type of user, port number, IP address, etc.) to the RADIUS
Accounting Server. When the user disconnects, the RADIUS Client sends an Accounting-Stop packet to the
accounting server (which includes a summary similar to the start packet). The RADIUS server sends an
acknowledgment to the client for each accounting packet it receives from the client.
The MultiAccess RADIUS Server also has the ability to query the Linux system local database.
Note:
Accounting is always on in the MultiAccess Client.
Radius Server General Setup
The general setup will set the conditions for the Radius Server within the MultiAccess to be used. If you
already have a Radius Server on your network, you do not need to configure the Radius Server in
MultiAccess.
Status
Click on the check mark window to enable the Radius Server. Click on the Save button to activate the
Radius Server.
Client
This is the IP address of the Radius Client. This field points the Radius Server to the Radius Client. You
need one client entry for each Network Access Server (NAS). If the client is an internal Radius Client, then
the IP address must be that of Ethernet 1 (eth0).
Shared Secret
The Shared Secret is the encryption key used by Radius to encrypt and decrypt the user's password for
security reasons when sending the Auth request across the network. MD5 is the standard Radius
encryption technique supported by the MultiAccess. This shared secret is used by the client in requests to
this server. The shared secret is limited to 15 alphanumeric characters (a-z & 0-9) and is case sensitive.
Confirm shared Secret
Confirm the shared secret entered above by entering it again.
NAS Name
Network Access Server (NAS) Name is a meaningful, arbitrary name, such as North in the screen above,
that is unique for each NAS.
Short Name
This is a meaningful, arbitrary Short Name for the NAS name that is used for creating a directory for the location
of the accounting detail file for this client.
MultiAccess Communications Server MA30120 User Guide
User Authentication > RADIUS Server > General Setup
Chapter 3 – Software