Setting RADIUS servers
Settings for RADIUS server authentication are under Administration > Security: RADIUS.
RADIUS is an access control protocol that uses a challenge and response method for authenticating users.
Enabling this feature is optional.
Settings to prioritize local, RADIUS, and TACACS+ authentication methods for the system and to set the authorization policy and default user for RADIUS and TACACS+ authorization systems are under Administration > Security: General Settings.
For details about setting up RADIUS and TACACS+ servers, see the SteelHead Deployment Guide.
RADIUS page
Under Default RADIUS Settings, these configuration options are available:
Set a Global Default Key
Enables a global server key for the RADIUS server.
Global Key
Specifies the global server key.
Confirm Global Key
Confirms the global server key.
Timeout
Specifies the time-out period in seconds (1 to 60). The default value is 3.
Retries
Specifies the number of times you want to allow the user to retry authentication. The default value is 1.
These options are available to add a new RADIUS server:
Add a RADIUS Server
Displays the controls for defining a new RADIUS server.
Hostname or IP Address
Specifies the hostname or server IP address. RiOS doesn’t support IPv6 server IP addresses.
Authentication Port
Specifies the port for the server.
Authentication Type
Specifies one of these authentication types:
• Password Authentication Protocol (PAP) validates users before allowing them access to the RADIUS server resources. PAP is the most flexible protocol but is less secure than CHAP.
• Challenge-Handshake Authentication Protocol (CHAP) provides better security than PAP. CHAP validates the identity of remote clients by periodically verifying the identity of the client using a three-way handshake. This validation happens at the time of establishing the initial link and might happen again at any time. CHAP bases verification on a user password and transmits an MD5 sum of the password from the client to the server.
• MS-CHAPv2 provides a more secure authentication protocol than PAP or CHAP. MS-CHAPv2 is the Microsoft version of the Challenge-Handshake Authentication Protocol.
Override the Global Default Key
Overrides the global server key for the server.
Server Key
Specifies the override server key.
Confirm Server Key
Confirms the override server key.
Timeout
Specifies the time-out period in seconds (1 to 60). The default value is 3.
Retries
Specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default value is 1.
Enabled
Enables the new server.
Add
Adds the RADIUS server to the list.
If you add a new server to your network and you don’t specify these fields at that time, RiOS applies the global settings.
To modify RADIUS server settings, click the server IP address in the list of Radius Servers. Use the Status drop-down list to enable or disable a server in the list.