Configuring a PortMaster(TM) to authenticate with Lucent RADIUS(TM)
UPDATED: August 20, 1999
This document describes the process of configuring a PortMaster to authenticate using
When a user is being authenticated, the PortMaster first consults its own user table.
If the user is not found in the local user table, the PortMaster sends an authentication
request to the primary RADIUS server on UDP port 1645. *Please note the current convention
for the port number for the RADIUS application is 1812; the PortMaster can be set to use
either, but defaults to 1645. The default for accounting is port 1646, but the current
convention is port 1813.* The PortMaster waits 3 seconds for a reply from RADIUS before
sending another authentication request. The PortMaster sends 10 authentication requests
before timing out after 30 seconds (10 requests at 3 seconds each). If the primary
authentication server does not respond after 3 requests, the authentication requests are
sent to the secondary server.
- Set the primary authentication server.
Command> set authentic [ip address of primary RADIUS server]
- Set the encryption key. This is used to encrypt the password as it is transferred
between the PortMaster and the RADIUS server. If the key does not match EXACTLY the one
found in the RADIUS clients file then the authentication request will be rejected.
Command> set secret [secret encryption key]
- Set security on the dialin ports.
NOTE: RADIUS will only function if security is turned on for the port.
Command> set [port name] security on
Valid Values are:
ON: Disables pass-thru logins. When a user is not found in the user table an
authentication request is forwarded to RADIUS.
OFF: Enables pass-thru logins, allowing any user name which does not match the local
users table to be automatically forwarded to a designated host via telnet, rlogin or
Command> set all security on
Security for port S0 changed from off to on
Security for port S1 changed from off to on
Security for port S2 changed from off to on
Security for port S3 changed from off to on
Security for port S4 changed from off to on
Security for port S5 changed from off to on
Security for port S6 changed from off to on
Security for port S7 changed from off to on
Security for port S8 changed from off to on
Security for port S9 changed from off to on
- Set the secondary authentication server. This setting is not required.
NOTE: If you do not have a secondary RADIUS host then do NOT set the alternate to
the same as the primary.
Command> set alternate [ip address of secondary RADIUS server]
- Set the primary accounting server. Accounting information is sent to the RADIUS server
using UDP port 1646.
Command> set accounting [ip address of primary RADIUS
- Set the secondary accounting server
NOTE: If you do not have a secondary RADIUS accounting server
then do NOT set the secondary to the same as the primary.
Command> set accounting 2 [ip address of secondary RADIUS