Radius; Introduction To Radius - Avaya C360 Installation And Configuration Manual

Converged stackable switches

Hide thumbs Also See for C360:

User manual (286 pages)

Installation and configuration manual (248 pages)

Quick start for hardware installation (36 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

Table of Contents

Establishing Switch Access

RADIUS

Introduction to RADIUS

User accounts are typically maintained locally on the switch. Therefore, if a site contains

multiple Avaya Switches, it is necessary to configure each switch with its own user accounts.

Additionally, if for example a "read-write" user has to be changed into a "read-only" user, you

must change all the "read-write" passwords configured locally in every switch, in order to

prevent him from accessing this level. This is obviously not effective management. A better

solution is to have all of the user login information kept in a central location where all the

switches can access it. C360 features such a solution: the Remote Authentication Dial-In User

Service (RADIUS).

A RADIUS authentication server is installed on a central computer at the customer's site. On

this server user authentication (account) information is configured that provides various degrees

of access to the switch. The C360 will run as a RADIUS client. When a user attempts to log into

the switch, if there is no local user account for the entered user name and password, then the

switch will send an Authentication Request to the RADIUS server in an attempt to authenticate

the user remotely. If the user name and password are authenticated, then the RADIUS server

responds to the switch with an Authentication Acknowledgement that includes information on

the user's privileges ("administrator", "read-write", or "read-only"), and the user is allowed to

gain access to the switch. If the user is not authenticated, then an Authentication Reject is sent

to the switch and the user is not allowed access to the switch's embedded management.

The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard (RFC 2138)

client/server security protocol. Security and login information is stored in a central location

known as the RADIUS server. RADIUS clients, such as the C360, communicate with the

RADIUS server to authenticate users.

All transactions between the RADIUS client and server are authenticated through the use of a

"shared secret" which is not sent over the network. The shared secret is an authentication

password configured on both the RADIUS client and its RADIUS servers. The shared secret is

stored as clear text in the client's file on the RADIUS server, and in the non-volatile memory of

the C360. In addition, user passwords sent between the client and server are encrypted for

increased security.

In the C360, RADIUS is used to authenticate management stations and (independently) for

802.1x port-based access control.

Figure 22

illustrates the RADIUS authentication procedure:

80 Installation and Configuration Guide Avaya C360 Multilayer Stackable Switches, version 4.5

Table of Contents

Radius; Introduction To Radius - Avaya C360 Installation And Configuration Manual

RADIUS

Introduction to RADIUS

Troubleshooting

Related Manuals for Avaya C360

Related Content for Avaya C360

Table of Contents