RADIUS Client Configuration

Introduction

This chapter covers configuration of the PortMaster as a RADIUS client. The following items must be configured on each PortMaster:

There are two steps to configure a RADIUS client: adding the PortMaster and shared secret to the clients file on the RADIUS server (see "Configuring Client Information"), and configuring the shared secret and address of the RADIUS server on the PortMaster.

RADIUS clients may be configured using the PortMaster command line interface (see the following section) or using PMconsole.

Configuration Using Command Line Interface

To configure the PortMaster using the command line interface, complete the following steps.

  1. Enable port security on all ports using the set all security on command. When port security is enabled, each user attempting to log into the port must be authenticated using the PortMaster User Table or RADIUS.
    Command> set all security on
  2. Enter the IP address of the primary RADIUS server using the following command:
    Command> set authentic 192.168.200.23
  3. Optionally, specify an alternate RADIUS server using the following command:
    Command> set alternate 192.168.200.24

    The primary RADIUS server is consulted first. If the server does not respond, it is queried a second time, then both servers are queried up to eight additional times at three-second intervals.

  4. To log activity using RADIUS accounting, enter the IP address of the primary accounting server:
    Command> set accounting 192.168.200.4

    Optionally, specify an alternate accounting server:

    Command> set accounting 2 192.168.200.5
  5. Enter the secret shared by the PortMaster and RADIUS server using the set secret command. This is the same shared secret entered in the clients file on the RADIUS server.
    Command> set secret 3jk3l5d44vdpw89

    The shared secret is a string of up to 15 alphanumeric printable ASCII characters. If a secret longer than 15 characters is specified, an error message is displayed.

  6. Save your changes using the save all command, then reset all ports.
    Command> save all
    Command> reset all

    Caution - Resetting all ports disconnects any user sessions in progress.
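
An added example, not part of the original Livingston documentation: a Python helper that draws a secret of the maximum permitted length from a cryptographic random source, checks a secret against the 15-character rule, and builds the command sequence from the steps above. The function names are hypothetical, and the alphabet is limited to letters and digits as a conservative reading of the character rules on this page.

```python
import ipaddress
import math
import secrets
import string

MAX_SECRET_LEN = 15  # limit stated on this page
# Assumption: letters and digits only, a conservative reading of the page's character rules.
ALPHABET = string.ascii_letters + string.digits

def secret_problems(secret):
    """Return the reasons a secret breaks the page's rules (empty list means OK)."""
    problems = []
    if not secret:
        problems.append("secret is empty")
    if len(secret) > MAX_SECRET_LEN:
        problems.append(f"{len(secret)} characters; the limit is {MAX_SECRET_LEN}")
    bad = sorted({repr(c) for c in secret if c not in ALPHABET})
    if bad:
        problems.append("characters outside A-Z, a-z, 0-9: " + ", ".join(bad))
    return problems

def generate_secret():
    """Random secret of the maximum permitted length, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(MAX_SECRET_LEN))

def entropy_bits(length=MAX_SECRET_LEN):
    """Entropy of a uniformly random secret of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))

def portmaster_commands(secret, authentic, alternate=None, accounting=None, accounting2=None):
    """Build the command sequence from the steps above; raise ValueError on bad input."""
    problems = secret_problems(secret)
    if problems:
        raise ValueError("; ".join(problems))
    if accounting2 and not accounting:
        raise ValueError("alternate accounting server given without a primary")
    servers = [("set authentic", authentic), ("set alternate", alternate),
               ("set accounting", accounting), ("set accounting 2", accounting2)]
    cmds = ["set all security on"]
    for prefix, addr in servers:
        if addr is not None:
            # IPv4Address raises a ValueError subclass on a malformed address.
            cmds.append(f"{prefix} {ipaddress.IPv4Address(addr)}")
    return cmds + [f"set secret {secret}", "save all", "reset all"]

if __name__ == "__main__":
    print(f"# about {entropy_bits():.0f} bits of entropy in a generated secret")
    print("\n".join(portmaster_commands(generate_secret(), "192.168.200.23",
                                        "192.168.200.24", "192.168.200.4", "192.168.200.5")))
```

The same generated secret must also be entered in the clients file on the RADIUS server.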

Configuration Using PMconsole

To configure the PortMaster using PMconsole, complete the following steps:

  1. Choose RADIUS from the Edit menu.
  2. In the dialog box that appears, enter the IP address of the primary and optional alternate RADIUS servers.
  3. To log activity using RADIUS accounting, enter the IP address of the primary and optional alternate accounting servers.
  4. Enter the secret shared by the RADIUS client and RADIUS server. For security reasons, the secret is not displayed in the dialog box. The shared secret is case-sensitive and must consist of 15 characters or fewer. Control characters may not be used.

    Note - Do not press the Return key when the cursor is in the RADIUS Secret field of the dialog box. Pressing the Return key at this point will erase the secret when the Save button is pressed.

  5. To save the RADIUS settings, click the Save button.
  6. To leave the window, click the Done button.
  7. On each port, turn Security on, then click the Save button to save the port setting to the PortMaster's non-volatile memory. Click the Remote Reset button, then click the Done button to close the dialog box.

    When port security is enabled, each user attempting to log into the port must be authenticated using the PortMaster User Table or RADIUS.

    Note - Some older versions of PMconsole may display the Pass-Thru Login option instead of the Security option in this dialog box. In this case, ensure that Pass-Thru Login is disabled; this has the same effect as turning Security on.




© Copyright 1996, Livingston Enterprises, Inc. Revised Friday September 25, 1998 17:29 PDT