Configuring RADIUS settings

About Security Settings : Configuring RADIUS settings

RADIUS settings are under Settings > Security: RADIUS. RADIUS is an access control protocol that uses a challenge and response method for authenticating users. Setting up RADIUS server authentication is optional.

You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems under Settings > Security: General Settings.

Set a Global Default Key

Enables a global server key for the RADIUS server.

Global Key

Specifies the global server key.

Confirm Global Key

Confirms the global server key.

Timeout (seconds)

Specifies the time-out period in seconds (1 to 60). The default value is 3.

Retries

Specifies the number of times you want to allow the user to retry authentication. The default value is 1.

Add a RADIUS Server

Displays the controls for defining a new RADIUS server.

Hostname or IP Address

Specifies the hostname or server IP address. RiOS doesn’t support IPv6 server IP addresses.

Authentication Port

Specifies the port for the server.

Authentication Type

Specifies the authentication type.

PAP

Password Authentication Protocol (PAP), which validates users before allowing them access to the RADIUS server resources. PAP is the most flexible protocol but is less secure than CHAP.

CHAP

Challenge-Handshake Authentication Protocol (CHAP), which provides better security than PAP. CHAP validates the identity of remote clients by periodically verifying the identity of the client using a three-way handshake. This validation happens at the time of establishing the initial link and might happen again at any time. CHAP bases verification on a user password and transmits an MD5 sum of the password from the client to the server.

Override the Global Default Key

Overrides the global server key for the server.

Server Key

Specifies the override server key.

Confirm Server Key

Confirms the override server key.

Timeout

Specifies the time-out period in seconds (1 to 60). The default value is 3.

Retries

Specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default value is 1.

Enabled

Enables the new server.

If you add a new server to your network and you don’t specify these settings at that time, the global settings are applied automatically.