Configuring Interface For Radius Communication; Configuring General Radius Parameters; Radius-Based Management User Authentication - AudioCodes Mediant 4000 SBC User Manual

15.3.3 Configuring Interface for RADIUS Communication

The device can communicate with the RADIUS server through its' OAMP (default) or SIP
Control network interface. To change the interface used for RADIUS traffic, use the
RadiusTrafficType parameter.
Note: If set to Control, only one Control interface must be configured in the Interface
table (see ''Configuring IP Network Interfaces'' on page 132); otherwise, RADIUS
communication will fail.

15.3.4 Configuring General RADIUS Parameters

The procedure below describes the configuration of RADIUS parameters that are common
between RADIUS-based user authentication and RADIUS-based accounting.

To configure general RADIUS parameters:
1. Open the Authentication Settings page (Configuration tab > System menu >
Management > Authentication Settings).
2. Scroll down the page to the RADIUS Settings group.
3. In the 'RADIUS VSA Vendor ID' field, enter the same vendor ID number as set on the
third-party RADIUS server. The vendor-specific attribute (VSA) identifies the device to
the RADIUS server using the Vendor ID. For an example of using the Vendor ID, see
''Setting Up a Third-Party RADIUS Server'' on page 231.
4. Configure RADIUS packet retransmission when no response is received from the
RADIUS server:
a. In the 'RADIUS Packets Retransmission' field (RADIUSRetransmission), enter
the maximum number of RADIUS retransmissions that the device performs if no
response is received from the RADIUS server.
b. In the 'RADIUS Response Time Out' field (RadiusTO), enter the interval (in
seconds) that the device waits for a response before sending a RADIUS
retransmission.
5. Click Submit.

15.3.5 RADIUS-based Management User Authentication

You can enhance security for your device by implementing Remote Authentication Dial-In
User Service (RADIUS - RFC 2865) for authenticating multiple management user accounts
of the device's embedded Web and Telnet (CLI) servers. Thus, RADIUS also prevents
unauthorized access to your device.
When RADIUS authentication is not used, the user's login username and password are
locally authenticated by the device in its Web Users table (database). However, the Web
Users table can be used as a fallback mechanism in case the RADIUS server does not
respond. For configuring local user accounts, see ''Configuring Web User Accounts'' on
page 63.
When RADIUS authentication is used, the RADIUS server stores the user accounts -
usernames, passwords, and access levels (authorization). When a management user
(client) tries to access the device, the device sends the RADIUS server the user's
username and password for authentication. The RADIUS server replies with an acceptance
or a rejection notification. During the RADIUS authentication process, the device's Web
interface is blocked until an acceptance response is received from the RADIUS server.
User's Manual 230
Mediant 4000 SBC
Document #: LTRT-41730