The Radius Server; Cn3000 Authentication; Customer Authentication; Administrator Authentication - Colubris Networks CN3000 Administrator's Manual

Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - How it works - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2

The RADIUS server

The RADIUS server is a key component of the public access infrastructure. It is used to
perform a variety of tasks, including:
• authenticating the CN3000
• authenticating administrator logins
• authenticating customer logins
• storing accounting information for each customer
• storing customization information for the public access interface
Note: A RADIUS server is not required when operating the CN3000 in local mode (page
50).
CN3000 The CN3000 authenticates itself to a RADIUS server each time:
• it is powered up
authentication
• it is restarted
• the authentication interval expires (configured via the management tool)
At each authentication, configuration information is retrieved if defined in the RADIUS
profile for the CN3000. This information can include:
• Access list defining the resources unauthenticated/authenticated customers can
• URLs specifying the location of customized Web pages and supporting files.
• A URL specifying the location of a custom security certificate.
• A URL specifying the location of a CN3000 configuration file.
• The MAC addresses of devices to authenticate.
• The default idle timeout for customer sessions.
• The default address for the mail server used to support SMTP redirection.
When you set up a profile for the CN3000 on the RADIUS server you define this
information in the form of a Colubris Networks vendor-specific attribute. For a complete
list of all supported values see page 150.
Customer
See page
authentication
Administrator
The RADIUS server can also be used to authenticate administrator logins. This enables
you to have multiple administrators, each with their own username and password,
authentication
instead of the single account controlled on the Management > Management tool page.
Connecting to a Any device that uses the authentication services of a RADIUS server is called a
RADIUS client. For added flexibility, the CN3000 lets you define up to 16 RADIUS client
RADIUS server
profiles. Each profile defines the settings for a single RADIUS client connection.
To support a RADIUS client connection, you must create a client account (sometimes
called a RAS account) on the RADIUS server. The settings for this account must match
the profile settings you define on the CN3000.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
connect to.
"Customer authentication" on page 24 for details.