.svg?sv=2022-11-02&spr=https&st=2024-11-05T10%3A56%3A09Z&se=2024-11-05T11%3A06%3A09Z&sr=c&sp=r&sig=Kg9Qoh5OsSqwso9iOgbE6uujDNwDEkndiqXUlNpllrc%3D){kind=logo}
Using RADIUS Authentication
- 25 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- PDF
Using RADIUS Authentication
- Updated on 25 Sep 2024
- 2 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can use a RADIUS server to authenticate users. When RADIUS authentication is enabled, the Cisco Provider Connectivity Assurance Sensor Control supports Authentication and Authorization as configured on the RADIUS server. A RADIUS server can be useful if you want to centrally manage user accounts instead of managing them separately on each Sensor Control. A Sensor Control can be connected to up to two RADIUS servers, allowing for RADIUS server redundancy.
▶ To configure session parameters
Access the page System ▶ Session ▶ RADIUS.
Enter the various RADIUS configuration parameters, then click Apply.
For more information on specific parameters, refer to the following table.
RADIUS Configuration (System ▶ Session ▶ RADIUS)
General
| Parameter | Description |
|---|---|
| Authentication Method | The authentication method to use. The only option available is: PAP: Password Authentication Protocol. |
| RADIUS timeout | How long the RADIUS server will wait before retrying the connection. After the number of retries has been exhausted, a connection to the next configured server will be attempted, in which the same timeout and retry scheme apply. |
| RADIUS retry | The number of times to retry the server before trying the next configured server. |
| Realm | The string to append to the user's name, following the username@realm method. |
| Vendor-Specific attribute in Access-Request | Enable this box to include vendor-specific information as part of the RADIUS access request. Sending this information enables the RADIUS server to better identify the type of equipment requesting access. |
Server-1 / Server-2
| Parameter | Description |
|---|---|
| Host | The RADIUS server host-name or IP address. |
| Port | The RADIUS server UDP port to which to connect. |
| Secret | The shared secret for this RADIUS server. The secret can be 48 characters long. |
| Source address | The optional bind address for the RADIUS server. |
RADIUS Server Configuration Examples
The following examples are configurations for the RADIUS server, not for the Sensor Control.
Two methods are supported by RADIUS servers for providing authorization using standard RADIUS attributes:
- Callback-Id (id=20): Provides a fine-grained permissions mechanism. The permissions are the same as those that can be configured locally on the Sensor Control. The list of tokens is separated by commas. They can be a mix of locally defined user permission groups and individual privileges.
- Service-Type (id=6): Provides for full admin privileges if attribute is set to "Administrative-User".
Notes:
You cannot view RADIUS assigned permissions with the CLI or Web-based interface.
The permissions tokens are case sensitive.
The following are a few configuration examples for the RADIUS Server using these attributes:
- To assign a user to the built-in Admin group: Callback-Id = "Admin".
- To grant a user full administration privileges (same as first example): Service-Type = "Administrative-User".
- To give a user a list of individual privileges: Callback-Id = "Config, Firmware, Log, Management, Users".
If a user is authenticated by RADIUS but no attributes are specified in the server configuration, the permissions will be set as follows:
- Local permissions (i.e., as configured in the Sensor Control), if the username exists locally.
- Viewer-only permission, if the username does not exist locally.
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?