Radius Authentication - AudioCodes Mediant 500 E-SBC User Manual

15.3

RADIUS Authentication

You can enhance security for your device by implementing Remote Authentication Dial-In
User Service (RADIUS - RFC 2865) for authenticating multiple management user accounts
of the device's embedded Web and Telnet (CLI) servers. Thus, RADIUS also prevents
unauthorized access to your device.
When RADIUS authentication is not used, the user's login username and password are
locally authenticated by the device in its Web Users table (database). However, the Web
Users table can be used as a fallback mechanism in case the RADIUS server does not
respond. For configuring local user accounts, see Configuring Web User Accounts.
When RADIUS authentication is used, the RADIUS server stores the user accounts -
usernames, passwords, and access levels (authorization). When a management user
(client) tries to access the device, the device sends the RADIUS server the user's
username and password for authentication. The RADIUS server replies with an acceptance
or a rejection notification. During the RADIUS authentication process, the device's Web
interface is blocked until an acceptance response is received from the RADIUS server.
Note that communication between the device and the RADIUS server is done by using a
shared secret, which is not transmitted over the network.
Figure 15-7: RADIUS Login Authentication for Management
For using RADIUS, you need to do the following:

Set up a RADIUS server (third-party) to communicate with the device - see 'Setting Up
a Third-Party RADIUS Server' on page

Configure the device as a RADIUS client for communication with the RADIUS server -
see 'Configuring RADIUS Authentication' on page
User's Manual
199
200
198
Mediant 500 E-SBC
Document #: LTRT-10437