Motorola POWERBROADBAND T2-2500 User Manual


RADIUS authenticated login

Motorola, Inc.

549453-001-00-a

Page 19 of 51

RADIUS network authenticated login

XLT will authenticate network logins from user accounts and passwords maintained on a remote RADIUS server.
XLT implements RADIUS access-requests. RADIUS network authenticated logins allow administrators to easily
change all passwords by changing the password on the RADIUS server, simplifying management of a large network
with multiple users.

Some RADIUS servers can authenticate using Microsoft Active Directory; thus network logins can be tied to the
technician's network login account. Using this method, password management is tied directly to the user's network
authentication.

To use RADIUS network authentication, you will need a properly configured RADIUS server (free RADIUS servers are
available for Linux operating systems, and fee-based server products are available for UNIX and Microsoft NOS).

RADIUS authenticated logins only support the “admin” user account privileges with the following exceptions:

• The RADIUS account cannot disable RADIUS login support

• The RADIUS account cannot change the built-in “Admin” password


To create a RADIUS server configuration from the CLI, use the following command:

radius server config <1-5(index)> <ip-address #.#.#.#> <shared-secret string> <timeout 1-10> <retries 1-120>


Options         Description

index           5 RADIUS servers can be added. Authentication will be performed starting with the server in
                index 1.

ip-address      IP address of the RADIUS server.

shared-secret   This is the password used by the RADIUS server to authenticate the Access-Request
                packets from the Tut OS.

timeout         Number of seconds to wait after sending an Access-Request packet before sending another
                request or trying another server. Practical timeout value is 5 seconds.

retries         Number of retries before giving up and trying a different server. A practical entry for
                retries is 2 to 3.
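
The following Python script is an added example, not part of the Motorola manual. It checks `radius server config` lines against the ranges above, flags shared secrets shorter than the 16 octets RFC 2865 prefers and values above the practical timeout and retries, and totals the worst-case wait before every server has been tried. The sample lines are constructed, and the wait formula assumes one initial request plus the configured retries per server.

```python
import ipaddress
import shlex

# Ranges from the command syntax on this page; 16 is the length RFC 2865 prefers.
LIMITS = {"index": (1, 5), "timeout": (1, 10), "retries": (1, 120)}
MIN_SECRET_LEN = 16

SAMPLE = [  # constructed sample lines; addresses are documentation range 192.0.2.0/24
    "radius server config 1 192.0.2.10 Xq7mR2vLp9sT4wZc 5 3",
    "radius server config 2 192.0.2.11 tut123 10 120",
    "radius server config 6 192.0.2.12 Xq7mR2vLp9sT4wZc 5 3",
]

def parse_line(line):
    """Parse one 'radius server config' line into a dict; ValueError if malformed."""
    tok = shlex.split(line)
    if tok[:3] != ["radius", "server", "config"] or len(tok) != 8:
        raise ValueError(f"not a radius server config command: {line!r}")
    index, ip, secret, timeout, retries = tok[3:]
    entry = {"index": int(index), "ip": str(ipaddress.IPv4Address(ip)),
             "secret": secret, "timeout": int(timeout), "retries": int(retries)}
    for field, (lo, hi) in LIMITS.items():
        if not lo <= entry[field] <= hi:
            raise ValueError(f"{field}={entry[field]} outside {lo}-{hi}")
    return entry

def audit(lines):
    """Return (servers in try order, findings, worst-case seconds to exhaust all)."""
    servers, findings = {}, []
    for line in lines:
        try:
            entry = parse_line(line)
        except ValueError as exc:
            findings.append(f"rejected: {exc}")
            continue
        servers[entry["index"]] = entry  # in this audit a repeated index replaces the earlier line
    ordered = [servers[i] for i in sorted(servers)]  # index 1 is tried first
    for e in ordered:
        if len(e["secret"]) < MIN_SECRET_LEN:
            findings.append(f"index {e['index']}: shared secret under {MIN_SECRET_LEN} characters")
        if e["timeout"] > 5 or e["retries"] > 3:
            findings.append(f"index {e['index']}: above the manual's practical timeout 5 / retries 2 to 3")
    # Assumption: one initial request plus `retries` resends, each waiting `timeout` seconds.
    worst = sum(e["timeout"] * (1 + e["retries"]) for e in ordered)
    return ordered, findings, worst

if __name__ == "__main__":
    ordered, findings, worst = audit(SAMPLE)
    print([e["ip"] for e in ordered], f"worst case {worst}s")
    print("\n".join(findings))
```

With the sample above, the second server alone accounts for 1210 of the 1230 seconds a login could wait when no server answers.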



Note: The “admin” account name is not reserved. You may create an “admin” account on the RADIUS server. If so,
the Tut OS will first check the password against the local “admin” account password before trying the RADIUS server.
Unless there is a special reason to do so, we recommend not using an “admin” account on the RADIUS server.
