Radius Login Authentication; Setting Up A Radius Server - 3Com V7122 User Manual

Must = the call is terminated. Incoming calls that don't include encryption information are
rejected.
Prefer = an unencrypted call is established. Incoming calls that don't include encryption
information are accepted.
To enable SRTP set the parameter EnableMediaSecurity to 1 (described in
Parameters).
•
When SRTP is used the channel capacity is reduced (see the parameter
EnableMediaSecurity).
•
The gateway only supports the AES 128 in CM mode cipher suite.
Figure 112 Example of crypto Attributes Usage
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd

RADIUS Login Authentication

Users can enhance the security and capabilities of logging to the gateway's Web and Telnet
embedded servers by using a Remote Authentication Dial-In User Service (RADIUS) to store
numerous usernames, passwords and access level attributes (Web only), allowing multiple
user management on a centralized platform. RADIUS (RFC 2865) is a standard
authentication protocol that defines a method for contacting a predefined server and verifying
a given name and password pair against a remote database, in a secure manner.
When accessing the Web and Telnet servers, users must provide a valid username and
password. When RADIUS authentication isn't used, the username and password are
authenticated with the Embedded Web Server's usernames and passwords of the primary or
secondary accounts (see
password stored internally in the gateway's memory. When RADIUS authentication is used,
the gateway doesn't store the username and password but simply forwards them to the pre-
configured RADIUS server for authentication (acceptance or rejection). The internal Web /
Telnet passwords can be used as a fallback mechanism in case the RADIUS server doesn't
respond (configured by the parameter BehaviorUponRadiusTimeout). Note that when
RADIUS authentication is performed, the Web / Telnet servers are blocked until a response
is received (with a timeout of 5 seconds).
RADIUS authentication requires HTTP basic authentication, meaning the username and
password are transmitted in clear text over the network. Therefore, users are recommended
to set the parameter 'HttpsOnly = 1' to force the use of HTTPS, since the transport is
encrypted.

Setting Up a RADIUS Server

The following examples see FreeRADIUS, a free RADIUS server that can be downloaded
from www.freeradius.org. Follow the directions on that site for information on installing and
configuring the server. If you use a RADIUS server from a different vendor, see its
appropriate documentation.
350
User Accounts) or with the Telnet server's username and
Security
V7122 GatewayUser Guide