Radius Login Authentication; Setting Up A Radius Server - 3Com VCX v7111 User Manual
Voip
Hide thumbs
Also See for VCX v7111:
- User manual (245 pages) ,
- Installation manual (58 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
Preferable = an unencrypted call is established. Incoming calls that do not include
encryption information are accepted.
To enable SRTP set the parameter EnableMediaSecurity to 1 (described in
•
When SRTP is used the channel capacity is reduced (see the parameter
EnableMediaSecurity.
•
The gateway only supports the AES 128 in CM mode cipher suite.
Figure 130 Example of crypto Attributes Usage
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd
RADIUS Login Authentication
Users can enhance the security and capabilities of logging to the gateways Web and Telnet
embedded servers by using a Remote Authentication Dial-In User Service (RADIUS) to store
numerous usernames, passwords and access level attributes (Web only), allowing multiple
user management on a centralized platform. RADIUS (RFC 2865) is a standard
authentication protocol that defines a method for contacting a predefined server and verifying
a given name and password pair against a remote database, in a secure manner.
When accessing the Web and Telnet servers, users must provide a valid username and
password. When RADIUS authentication is not used, the username and password are
authenticated with the Embedded Web Servers usernames and passwords of the primary or
secondary accounts (see
password stored internally in the gateways memory. When RADIUS authentication is used,
the gateway does not store the username and password but simply forwards them to the pre-
configured RADIUS server for authentication (acceptance or rejection). The internal Web /
Telnet passwords can be used as a fallback mechanism in case the RADIUS server does not
respond (configured by the parameter BehaviorUponRadiusTimeout). Note that when
RADIUS authentication is performed, the Web / Telnet servers are blocked until a response
is received (with a timeout of 5 seconds).
RADIUS authentication requires HTTP basic authentication, meaning the username and
password are transmitted in clear text over the network. Therefore, users are recommended
to set the parameter HttpsOnly = 1 to force the use of HTTPS, since the transport is
encrypted.
Setting Up a RADIUS Server
The following examples see FreeRADIUS, a free RADIUS server that can be downloaded
http://www.freeradius.org/
from
installing and configuring the server. If you use a RADIUS server from a different vendor, see
its appropriate documentation.
338
User
Accounts) or with the Telnet server's username and
. Follow the directions on that site for information on
®
3Com
VCX V7111 VoIP Gateway User Guide
Table
64).
Advertisement
Table of Contents
