Securing Radius Communication; Authenticating Radius In The Url - AudioCodes Mediant 800B User Manual
Analog & digital voip media gateway
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
7.
Configure RADIUS timeout handling:
a.
From the 'Behavior upon Authentication Server Timeout' drop-down list, select
the option if the RADIUS server does not respond within five seconds:
♦
♦
b.
In the 'Password Local Cache Timeout' field, enter a time limit (in seconds) after
which the username and password verified by the RADIUS server becomes
invalid and a username and password needs to be re-validated with the RADIUS
server.
c.
From the 'Password Local Cache Mode' drop-down list, select the option for the
local RADIUS password cache timer:
♦
♦
8.
Configure when the Web Users table must be used to authenticate login users. From
the 'Use Local Users Database' drop-down list, select one of the following:
•
When No Auth Server Defined (default): When no RADIUS server is configured
(or as fallback if the server is inaccessible).
•
Always: Always, but if not found, use the RADIUS server to authenticate the
user.
9.
Click Submit, and then reset the device with a burn-to-flash for your settings to take
effect.
15.3.3 Securing RADIUS Communication
RADIUS authentication requires HTTP basic authentication (according to RFC 2617).
However, this is insecure as the usernames and passwords are transmitted in clear text
over plain HTTP. Thus, as digest authentication is not supported with RADIUS, it is
recommended that you use HTTPS with RADIUS so that the usernames and passwords
are encrypted.
To configure the device to use HTTPS, set the 'Secured Web Connection (HTTPS)'
parameter to HTTPS Only, in the WEB Security Settings page (Configuration tab >
System menu > Management > WEB Security Settings).
15.3.4 Authenticating RADIUS in the URL
RADIUS authentication is typically done after the user accesses the Web interface by
entering only the device's IP address in the Web browser's URL field (for example,
http://10.13.4.12/), and then entering the username and password credentials in the Web
interface login screen. However, authentication with the RADIUS server can also be done
immediately after the user enters the URL, if the URL also contains the login credentials,
for
http://10.4.4.112/Forms/RadiusAuthentication?WSBackUserName=John&WSBackPasswor
d=1234
Note:
This feature allows up to five simultaneous users only.
User's Manual
Deny Access: device denies user login access.
Verify Access Locally: device checks the username and password
configured locally for the user (in the Web User Accounts page or Web
Users table), and if correct, allows access.
Reset Timer Upon Access: upon each access to a Web page, the timer
resets (reverts to the initial value configured in the previous step).
Absolute Expiry Timer: when you access a Web page, the timer doesn't
reset, but continues its count down.
Mediant 800B Gateway and E-SBC
202
example:
Document #: LTRT-10286
Hide quick links:
Advertisement
Chapters
Table of Contents
