Netgear XCM8810 Chassis User Manual - Page 473
Configuration Overview for Authenticating Management Sessions
NETGEAR 8800 User Manual

authentication events. The RADIUS server does not process attributes; it simply sends them when authentication is accepted. It is the switch that processes attributes.

User authentication and attributes are managed on a RADIUS server by editing text files. On the FreeRADIUS server, the user ID, password, attributes, and VSAs are stored in the users file, and VSAs are defined in the dictionary file. The dictionary file associates numbers with each attribute. When you edit the users file, you specify the text version of each attribute you define. When the RADIUS server sends attributes to the switch, it sends the attribute type numbers to reduce the network load. Some attribute values are sent as numbers too.

Command authorization is also managed on a RADIUS server by editing text files. On a FreeRADIUS server, the profiles file is divided into sections called profiles. Each profile lists command access definitions. In the users file, you can use the Profile-Name attribute to select the command profile that applies to each user managed by command authorization.

The XCM8800 software supports backup authentication and authorization by a secondary RADIUS server. If the first RADIUS server, which is configured as the primary RADIUS server, fails and a secondary RADIUS server is configured, the switch sends the request to the secondary RADIUS server. If neither RADIUS server is available, the switch looks up the user in the local database.

RADIUS servers can be optionally configured to work with directory services such as LDAP or Microsoft Active Directory. Because XCM8800 switches operate with RADIUS servers, they can benefit from the pairing of the RADIUS server and a directory service. Some guidelines for configuring FreeRADIUS with LDAP are provided later in this chapter. Since the use of the directory service requires configuration of the RADIUS server and directory service, the appropriate documentation to follow is the documentation for those products.

Configuration Overview for Authenticating Management Sessions

To configure the switch RADIUS client and the RADIUS server to authenticate management sessions, do the following:

1. Configure the switch RADIUS client for authentication as described in Configuring the RADIUS Client for Authentication and Authorization on page 475.
2. If you want to use RADIUS accounting, configure the switch RADIUS accounting client as described in Configuring the RADIUS Client for Accounting on page 477.
3. Configure the RADIUS server for authentication as described in Configuring User Authentication (Users File) on page 479.
4. If you want to configure command authorization, configure the RADIUS server as described in Configuring Command Authorization (RADIUS Profiles) on page 489.
5. If you want to use RADIUS accounting, configure a RADIUS accounting server as described in the documentation for your RADIUS product.

Chapter 17. Security | 473
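The attribute-number encoding described above, shown as an added example that is not part of the NETGEAR manual: a Python parser for the attribute section of a RADIUS reply that maps type numbers back to names the way a dictionary file does, and rejects malformed lengths. The standard numbers follow RFC 2865; the vendor ID 99999, VSA number 1 and the name Example-Profile-Name are constructed placeholders, not the switch's real dictionary entries.

```python
import struct

# Standard RADIUS attribute numbers (RFC 2865); a tiny stand-in for a dictionary file.
DICTIONARY = {1: "User-Name", 6: "Service-Type", 18: "Reply-Message", 26: "Vendor-Specific"}
SERVICE_TYPE = {6: "Administrative", 7: "NAS-Prompt"}  # values sent as numbers
# Constructed vendor dictionary: vendor ID 99999 and VSA number 1 are placeholders.
VENDOR_DICTIONARY = {(99999, 1): "Example-Profile-Name"}

def parse_attributes(data: bytes) -> list:
    """Decode the attribute section of a RADIUS packet into (name, value) pairs."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        # The length field counts the 2-byte header; reject underruns and overruns.
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        value = data[pos + 2 : pos + alen]
        pos += alen
        if atype == 26:
            out.append(decode_vsa(value))
        elif atype == 6:
            if len(value) != 4:
                raise ValueError("Service-Type must be 4 bytes")
            num = struct.unpack("!I", value)[0]
            out.append((DICTIONARY[6], SERVICE_TYPE.get(num, num)))
        else:
            out.append((DICTIONARY.get(atype, f"Attr-{atype}"), value.decode("utf-8", "replace")))
    return out

def decode_vsa(value: bytes) -> tuple:
    """Decode the first sub-attribute of a VSA: 4-byte vendor ID, then type/length/data."""
    if len(value) < 6:
        raise ValueError("VSA too short")
    vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
    if vlen < 2 or 4 + vlen > len(value):
        raise ValueError("bad VSA sub-attribute length")
    name = VENDOR_DICTIONARY.get((vendor_id, vtype), f"Vendor-{vendor_id}-Attr-{vtype}")
    return name, value[6 : 4 + vlen].decode("utf-8", "replace")

def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: attributes a server might send when authentication is accepted.
SAMPLE = attr(6, struct.pack("!I", 6)) + attr(26, struct.pack("!IBB", 99999, 1, 7) + b"admin")
```

Calling `parse_attributes(SAMPLE)` returns the Service-Type and the placeholder profile attribute by name, while the bytes on the wire carry only the numbers 6 and 26.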