Netgear XCM8806 Chassis User Manual - Page 472
NETGEAR 8800 User Manual

Note: RADIUS provides many of the same features provided by TACACS+. You cannot use RADIUS and TACACS+ at the same time.

RADIUS is a communications protocol (RFC 2138) that is used between client and server to implement the RADIUS service. The RADIUS client component of the XCM8800 software should be compatible with any RADIUS-compliant server product.

The following sections provide more information on management session authentication:
• How NETGEAR Switches Work with RADIUS Servers on page 472
• Configuration Overview for Authenticating Management Sessions on page 473

How NETGEAR Switches Work with RADIUS Servers

When configured for use with a RADIUS server, an XCM8800 switch operates as a RADIUS client. In RADIUS server configuration, the client component is configured as a client or as a Network Access Server (NAS). Typically, an XCM8800 NAS provides network access to supplicants such as PCs or phones.

When a supplicant requests authentication from a switch that is configured for RADIUS server authentication, the following events occur:
1. The switch sends an authentication request in the form of a RADIUS Access-Request message.
2. The RADIUS server looks up the user in the users file.
3. The RADIUS server accepts or rejects the authentication and returns a RADIUS Access-Accept or Access-Reject message.
4. If authentication is accepted, the Access-Accept message can contain standard RADIUS attributes and Vendor Specific Attributes (VSAs) that can be used to configure the switch.
5. If authentication is accepted, the Access-Accept message can enable command authorization for that user on the switch. Command authorization uses the RADIUS server to approve or deny the execution of each command the user enters.

The XCM8800 switch initiates all communications with the RADIUS server. For basic authentication, the switch sends the Access-Request message, and communication with the RADIUS server is complete when the switch receives the Access-Accept or Access-Reject message. For command authorization, communication starts each time a user configured for command authorization enters a switch command. RADIUS server communication ends when command use is allowed or denied.

A key component of RADIUS server management is the attributes and VSAs that the RADIUS server can be configured to send in Access-Accept messages. VSAs are custom attributes for a specific vendor, such as NETGEAR. These attributes store information about a particular user and the configuration options available to the user. The RADIUS client in XCM8800 accepts these attributes and uses them to configure the switch in response to

472 | Chapter 17. Security
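The reply handling that a RADIUS client performs in steps 3 and 4 above, as an added example that is not taken from the NETGEAR manual or the XCM8800 software: it verifies the Response Authenticator as RFC 2865 (which obsoletes RFC 2138) defines it before trusting any attribute, then separates standard attributes from VSAs. The shared secret, request authenticator, vendor ID 99999 and VSA sub-type are constructed sample values, not NETGEAR's.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26  # RFC 2865 packet code and attribute type

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: assemble a reply (used here only to create sample input)."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def parse_reply(packet, ident, request_auth, secret):
    """Client side: authenticate a reply, then return (code, attributes, vsas)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length != len(packet):
        raise ValueError("identifier or length mismatch")
    attrs = packet[20:]
    expected = response_authenticator(code, rid, request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    plain, vsas, i = [], [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            # Vendor-Id (4 octets), then vendor type, vendor length, data
            vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("malformed VSA")
            vsas.append((vendor_id, vtype, value[6:4 + vlen]))
        else:
            plain.append((atype, value))
    return code, plain, vsas

# Constructed sample input: placeholder vendor ID 99999, VSA sub-type 1.
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))
_vsa = struct.pack("!I", 99999) + bytes([1, 2 + 4]) + struct.pack("!I", 1)
SAMPLE_ATTRS = (bytes([6, 6]) + struct.pack("!I", 6)  # Service-Type = Administrative
                + bytes([VENDOR_SPECIFIC, 2 + len(_vsa)]) + _vsa)
SAMPLE = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, SAMPLE_ATTRS, SECRET)
```

The authenticator is a keyed MD5 over the reply, so attributes that change a user's privileges are only as trustworthy as the shared secret configured on the switch and the server.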