Radius authentication and authorization, How radius authentication works, Configuring radius on the switch – Juniper Networks EX2500 User Manual

Page 25

Advertising
background image

Securing Access to the Switch

„

11

Chapter 1: Accessing the Switch

RADIUS Authentication and Authorization

The EX2500 switch supports the RADIUS (Remote Authentication Dial-in User
Service) method

to

authenticate and authorize remote administrators for managing

the switch. This method is based on a client/server model. The Remote Access
Server (RAS)—the switch—is a client to the back-end database server. A remote
user (the remote administrator) interacts only with the RAS, not the back-end
server and database.

RADIUS authentication consists of the following components:

„

A protocol with a frame format that utilizes UDP over IP (based on RFC 2138
and RFC 2866)

„

A centralized server that stores all the user authorization information

„

A client, in this case, the switch

The EX2500 switch—acting as the RADIUS client—communicates to the RADIUS
server to authenticate and authorize a remote administrator using the protocol
definitions specified in RFCs 2138 and 2866. Transactions between the client and
the RADIUS server are authenticated by a shared key that is not sent over the
network. In addition, the remote administrator passwords are sent encrypted
between the RADIUS client (the switch) and the back-end RADIUS server.

How RADIUS Authentication Works

1.

The remote administrator connects to the switch and provides username and
password.

2.

Using Authentication/Authorization protocol, the switch sends request to
authentication server.

3.

The authentication server checks the request against the user ID database.

4.

Using RADIUS protocol, the authentication server instructs the switch to grant
or deny administrative access.

Configuring RADIUS on the Switch

Use the following procedure to configure RADIUS authentication on your switch:

1.

Configure the Primary and Secondary RADIUS servers, and enable RADIUS
authentication.

ex2500(config)# radius-server primary-host 10.10.1.1
ex2500(config)# radius-server secondary-host 10.10.1.2
ex2500(config)# radius-server enable

2.

Configure the RADIUS secret.

ex2500(config)# radius-server primary-host 10.10.1.1 key <1-32 character
secret>
ex2500(config)# radius-server secondary-host 10.10.1.2 key <1-32 character
secret>

Advertising
Popular Brands
Popular manuals