Procedure 7-24: Provision RADIUS server

- Overview

Use this procedure to provision a Remote Authentication Dial In User Service (RADIUS) server on your network for authentication.

An Authentication Server simplifies the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.

To accomplish the authentication in a secure manner, the RADIUS client and RADIUS server must both be configured with the same shared secret. This secret is used to generate one-way encrypted authenticators that are present in all RADIUS packets. The secret is never transmitted over the network.

To use RADIUS authentication, you need to create an authentication login list, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted. The authentication list is then associated with the default login.

- Privilege level

You must log in as a Privileged or Administration user to complete this procedure.

- Before you begin

Prior to performing this procedure:

  1. Refer to Before you begin and Required equipment in this chapter.

  2. Obtain the work instructions for this procedure.

  3. Before provisioning the RADIUS server on Alcatel-Lucent 1665 DMX, ensure that the vendor-specific attribute is provisioned on the RADIUS server itself.

    The vendor-specific attribute is provisioned on the RADIUS server; it is not provisioned on the NE. Whoever is responsible for provisioning the RADIUS server needs to know the vendor-specific attribute information for Alcatel-Lucent 1665 DMX.

Radius server vendor-specific attribute

The integer values of the fields of this attribute are:

  • Type: 26

  • Length: 9

  • Vendor-ID: 7483 (The SMI Network Management Private Enterprise Code of Alcatel-Lucent)

  • Vendor-type: 100 (User Access Privilege)

  • Vendor-length: 6

  • Vendor-value: select from one of the following integers
    • 1 PRIVILEGED

    • 2 ADMINISTRATION

    • 3 GENERAL

    • 4 MAINTENANCE

    • 5 REPORTS-ONLY

If the above defined Vendor-Specific attribute is not included in an Access-Accept packet, the user access privilege is treated as REPORTS-ONLY.
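As an added example (not code from the Alcatel-Lucent documentation), the following Python encodes the vendor-specific attribute described above, builds an Access-Accept that carries it, and shows the client-side checks: the Response Authenticator computed with the shared secret is verified before any attribute is trusted, and an Access-Accept without the attribute yields REPORTS-ONLY. The Length octets are derived from the encoded content as RFC 2865 defines them; the identifier, request authenticator and shared secret used to exercise it are constructed values.

```python
import hashlib
import hmac
import struct

# Values from Procedure 7-24: Alcatel-Lucent Vendor-ID, the User Access Privilege
# vendor-type and the integer-to-privilege mapping. RFC 2865 fixes type 26 for VSAs.
VENDOR_ID, VENDOR_TYPE, ATTR_VSA, ACCESS_ACCEPT = 7483, 100, 26, 2
PRIVILEGES = {1: "PRIVILEGED", 2: "ADMINISTRATION", 3: "GENERAL",
              4: "MAINTENANCE", 5: "REPORTS-ONLY"}

def encode_privilege_vsa(level):
    """Encode the User Access Privilege VSA; Length octets follow RFC 2865 section 5.26."""
    if level not in PRIVILEGES:
        raise ValueError("unknown privilege level %r" % level)
    vendor_string = struct.pack("!BBI", VENDOR_TYPE, 6, level)  # Vendor-type, Vendor-length, value
    body = struct.pack("!I", VENDOR_ID) + vendor_string
    return struct.pack("!BB", ATTR_VSA, 2 + len(body)) + body

def build_access_accept(identifier, request_auth, secret, attributes):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes

def privilege_from_attributes(attributes):
    """Walk the attribute list; with no Alcatel-Lucent VSA the result is REPORTS-ONLY."""
    pos = 0
    while pos + 2 <= len(attributes):
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("malformed attribute at offset %d" % pos)
        value = attributes[pos + 2:pos + attr_len]
        if attr_type == ATTR_VSA and len(value) >= 10:
            vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor_id == VENDOR_ID and vtype == VENDOR_TYPE and vlen == 6:
                level = struct.unpack("!I", value[6:10])[0]
                if level not in PRIVILEGES:  # assumption: values outside 1-5 are rejected
                    raise ValueError("undefined privilege value %d" % level)
                return PRIVILEGES[level]
        pos += attr_len
    return "REPORTS-ONLY"

def accept_privilege(packet, request_auth, secret):
    """Client side: verify the Response Authenticator with the shared secret, then read the privilege."""
    header, resp_auth, attributes = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + attributes + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):  # wrong secret or altered packet fails here
        raise ValueError("Response Authenticator mismatch")
    return privilege_from_attributes(attributes)
```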

Step

Complete the following steps to provision a Remote Authentication Dial In User Service (RADIUS) server on your network for authentication.

  1. From the System View menu, select Administration → Security → Provision Radius Server.

    Result: The Provision Radius Server window opens.

  2. Provision the parameters as required. See Table 7-1, Radius configuration parameters.

  3. Click Create to create a server or Delete to delete a server.

  4. Important! The system-level RADIUS Authentication parameter must be Enabled to provision the local network element as a RADIUS client.

    Select View → Equipment to access the system-level parameters and verify that the RADIUS Authentication parameter is Enabled for the network element.

    If required, select Configuration → Equipment to access the system-level parameters and enable RADIUS Authentication for the network element.

    Reference: Procedure 6-2: Provision shelf/system parameters

End of steps

Radius Server

Table 7-1: Radius configuration parameters

Each entry gives the CIT field name, its description, and the corresponding TL1 ent-radius-server command parameter.

Radius Server Attributes Panel

  IP Address (TL1 parameter: ipaddr)

    The IP Address of the RADIUS Server. Valid values: four dot-separated decimal numbers in the range 0 to 255. The value 0.0.0.0 is an invalid IP Address. This is a required parameter.

  Role (TL1 parameter: role)

    Indicates whether the RADIUS Server is the primary or the secondary one. This is a required parameter. Valid values: Primary or Secondary. Only one primary and one secondary RADIUS server can be provisioned.

  Port Number (TL1 parameter: port)

    The UDP port number used for RADIUS. Valid values: integers from 1 to 65535. This is an optional parameter. The initial value is 1812.

  Secret (TL1 parameter: secret)

    The shared secret between the RADIUS client and the RADIUS server. Valid values: case-sensitive strings of 1 to 128 characters; the characters @ , : = " ; * \ ! ? are not allowed because of their special TL1 meanings.

September 2013. Copyright © 2013 Alcatel-Lucent. All rights reserved.