Procedure 7-24: Provision RADIUS server

- Overview

Use this procedure to provision a Remote Authentication Dial In User Service (RADIUS) server on your network for authentication.

An Authentication Server simplifies the authentication and management of users in a large network. One type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol, as defined by RFC 2865.

To accomplish the authentication in a secure manner, the RADIUS client and RADIUS server must both be configured with the same shared secret. This secret is used to generate one-way encrypted authenticators that are present in all RADIUS packets. The secret is never transmitted over the network.

To use RADIUS authentication, you need to create an authentication login list, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted. The authentication list is then associated with the default login.

- Privilege level

You must log in as a Privileged or Administration user to complete this procedure.

- Before you begin

Prior to performing this procedure:

  1. Refer to Before you begin and Required equipment in this chapter.

  2. Obtain the work instructions for this procedure.

Step

Complete the following steps to provision a Remote Authentication Dial In User Service (RADIUS) server on your network for authentication.

 
1. From the System View menu, select Administration → Security → Provision Radius Server.

   Result: The Provision Radius Server window opens.

2. Provision the parameters as required. See Table 7-1, Radius configuration parameters.

3. Click Create to create a server or Delete to delete a server.

4. Important! The system-level RADIUS Authentication parameter must be Enabled to provision the local network element as a RADIUS client.

   Select View → Equipment to access the system-level parameters and verify that the RADIUS Authentication parameter is Enabled for the network element.

   If required, select Configuration → Equipment to access the system-level parameters and enable RADIUS Authentication for the network element.

   Reference: Procedure 6-2: Provision shelf/system parameters


End of steps

Radius Server
Table 7-1: Radius configuration parameters

Radius Server Attributes Panel

| CIT | Description | TL1 ent-radius-server command parameter |
|---|---|---|
| IP Address | The IP address of the RADIUS server. Valid values: four dot-separated decimal numbers in the range of 0 to 255. The value 0.0.0.0 is an invalid IP address. This is a required parameter. | ipaddr |
| Role | Indicates whether the RADIUS server is a primary or a secondary one. This is a required parameter. Valid values: Primary or Secondary. Only one primary and one secondary RADIUS server are allowed to be provisioned. | role |
| Port Number | Identifies the UDP port number for RADIUS. Valid values: integers from 1 to 65535. This is an optional parameter. The initial value is 1812. | port |
| Secret | Identifies the shared secret between the RADIUS client and the RADIUS server. Valid values: case-sensitive strings of 1 to 128 characters. The characters @ , : = " ; * \ ! ? are not allowed because of their special TL1 meanings. | secret |

November 2011. Copyright © 2011 Alcatel-Lucent. All rights reserved.