InterNetworking Systems, Lucent Technologies

Configuring a PortMaster(TM) to authenticate with Lucent RADIUS(TM)

UPDATED: August 20, 1999

SUMMARY:

This document describes the process of configuring a PortMaster to authenticate using RADIUS.

AUTHENTICATION PROCESS:

When a user is being authenticated, the PortMaster first consults its own user table. If the user is not found in the local user table, the PortMaster sends an authentication request to the primary RADIUS server on UDP port 1645. *Please note that the current convention for the RADIUS port number is 1812; the PortMaster can be set to use either, but defaults to 1645. The default for accounting is port 1646, but the current convention is port 1813.* The PortMaster waits 3 seconds for a reply from RADIUS before sending another authentication request. The PortMaster sends 10 authentication requests before timing out after 30 seconds (10 requests at 3 seconds each). If the primary authentication server does not respond after 3 requests, the authentication requests are sent to the secondary server.

REQUIRED STEPS:

  1. Set the primary authentication server.

    Command> set authentic [ip address of primary RADIUS server]

  2. Set the encryption key. This is used to encrypt the password as it is transferred between the PortMaster and the RADIUS server. If the key does not match EXACTLY the one found in the RADIUS clients file then the authentication request will be rejected.

    Command> set secret [secret encryption key]

  3. Set security on the dial-in ports.

    NOTE: RADIUS will only function if security is turned on for the port.

    Command> set [port name] security on

    Valid values are:
    ON: Disables pass-thru logins. When a user is not found in the user table, an authentication request is forwarded to RADIUS.
    OFF: Enables pass-thru logins, which allow any user name that does not match the local users table to be automatically forwarded to a designated host via telnet, rlogin or the PortMaster service.

    ex:
    Command> set all security on
    Security for port S0 changed from off to on
    Security for port S1 changed from off to on
    Security for port S2 changed from off to on
    Security for port S3 changed from off to on
    Security for port S4 changed from off to on
    Security for port S5 changed from off to on
    Security for port S6 changed from off to on
    Security for port S7 changed from off to on
    Security for port S8 changed from off to on
    Security for port S9 changed from off to on

ADDITIONAL STEPS:

  1. Set the secondary authentication server. This setting is not required.

    NOTE: If you do not have a secondary RADIUS host then do NOT set the alternate to the same as the primary.

    Command> set alternate [ip address of secondary RADIUS server]

  2. Set the primary accounting server. Accounting information is sent to the RADIUS server using UDP port 1646.

    Command> set accounting [ip address of primary RADIUS accounting server]

  3. Set the secondary accounting server.

    NOTE: If you do not have a secondary RADIUS accounting server then do NOT set the secondary to the same as the primary.

    Command> set accounting 2 [ip address of secondary RADIUS accounting server]



Copyright © 2000 Lucent Technologies.