SIEMENS 5881 Broadband Internet Router
User’s Guide
Chapter 4 User Setup
User Management
SIEMENS
26
Configure the Radius Server
Remote Authentication Dial In User Service (RADIUS) is client-server based access control and authentication
feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS
Server applications.
•
The client is responsible for passing user information to designated RADIUS servers, then acting on the
returned response.
•
RADIUS servers are responsible for receiving user connection requests, authenticating the user, then
returning all configuration information necessary for the client to deliver service to the user.
Transactions between the client and server are authenticated through the use of a shared secret, which is
never sent over the network. In addition, any user passwords are sent encrypted between the client and
RADIUS server to further secure account passwords.
When the router is configured to use RADIUS, a user attempting to login presents authentication information
(Username and Password) to the router. Upon receipt, the router’s RADIUS Client creates an “access-request”
containing username, the user's password, and method being used to access the system. The password is
hidden using a method based on the RSA Message Digest Algorithm MD5 [3].
The access request is submitted to the RADIUS server via the network. If no response is returned within a
length of time, the request is re-sent a specified number of times. The router’s RADIUS client can also forward
requests to a secondary server in the event that the primary server is down or unreachable.
Once the RADIUS server receives the request, it validates the RADIUS client that sent the request. A request
from a client for which the RADIUS server does not have a shared secret is discarded. If the client is valid, the
RADIUS server consults a database of users to find the user whose name matches the request. The user entry
in the database contains the required elements for authentication including the username, password, access
and management privileges.
To configure the RADIUS Server:
1. Click
Configure Radius Server
on the left navigation pane of the User Management page. This displays
the Radius Server Configuration page.
2. In
Timeout
, enter the number of seconds to between retry attempts when the Radius Server cannot be
reached.
3. In
Retry
, enter the number of times the Radius Server should be contacted before attempting to connect to
the secondary server.
4. For
Primary
and optionally
Secondary
servers, provide the
IP Address
,
Port
, and
Secret
for accessing
the Radius Server. The
Secret
is used to authenticate requests between servers.