Radius ports, Authentication – RSA Security 6.1 User Manual


About RSA RADIUS Server

September 2005

The RSA Authentication Manager software views the RSA RADIUS Server
service as a host agent. Communication between RSA RADIUS Server and
RSA Authentication Manager uses specific UDP ports, which are configured
during installation. To prevent “masquerading” by unauthorized hosts, you
configure RSA Authentication Manager with the IP addresses of each
RSA RADIUS Server host. Before RSA Authentication Manager accepts an
authentication request, it verifies that the source address contained in the request
matches an authorized host agent.

RADIUS Ports

The RADIUS standard initially used UDP ports 1645 and 1646 for RADIUS
authentication and accounting packets. The RADIUS standards group later
changed the port assignments to 1812 and 1813, but many organizations continue
using the old 1645 and 1646 port numbers for RADIUS.

Any two devices that exchange RADIUS packets must use compatible UDP port
numbers. If you are configuring a RAS to exchange authentication packets with a
RADIUS server, you must find out which port the server uses to receive
authentication packets from its clients (1812, for example). You must then
configure the RAS to send authentication packets on the same port (1812). The
same is true for RADIUS accounting.

RSA RADIUS Server can listen on multiple ports. For compatibility, the server
listens to the old and new default RADIUS ports: ports 1645 and 1812 for
authentication, and ports 1646 and 1813 for accounting.

Authentication

Table 1 describes the conditions under which each type of RADIUS
authentication message is issued, and the purpose of any RADIUS attributes the
message contains.

Table 1. RADIUS Authentication Messages and Attributes

| Message Conditions | Purpose of Message Attributes |
|---|---|
| When a RAS receives a connection request from a user, the RAS authenticates the request by sending an Access-Request to its RADIUS server. | Identify the user. Describe the type of connection the user is trying to establish. |
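
As an added illustration (not code from the RSA manual or product), the following Python example triages an inbound datagram along the lines of the sections above: the destination must be one of the authentication ports named on this page, the source address must be on a list of authorized clients, and the payload must parse as an Access-Request in the RFC 2865 layout. The function names, the sample addresses and the constructed packet are assumptions made for the example.

```python
import ipaddress
import struct

# Ports named on this page: old and new defaults for authentication.
AUTH_PORTS = {1645: "legacy", 1812: "current"}
ACCESS_REQUEST = 1  # RFC 2865 packet code
# Subset of RFC 2865 attribute types relevant to an Access-Request.
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
              6: "Service-Type", 61: "NAS-Port-Type"}

def parse_radius(datagram: bytes):
    """Return (code, identifier, {attribute: raw value}); raise ValueError if malformed."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < 20 or length > len(datagram):
        raise ValueError("Length field disagrees with datagram size")
    attrs, pos = {}, 20  # attributes follow the 16-byte Authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs[ATTR_NAMES.get(a_type, f"type-{a_type}")] = datagram[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def triage(src_ip, dst_port, datagram, authorized_clients):
    """Hypothetical helper: accept only Access-Requests from listed clients on an auth port."""
    if dst_port not in AUTH_PORTS:
        return "reject: not an authentication port"
    allowed = {ipaddress.ip_address(a) for a in authorized_clients}
    if ipaddress.ip_address(src_ip) not in allowed:
        return "reject: unknown source address"
    try:
        code, _, attrs = parse_radius(datagram)
    except ValueError as exc:
        return f"reject: malformed ({exc})"
    if code != ACCESS_REQUEST:
        return "reject: not an Access-Request"
    user = attrs.get("User-Name", b"").decode("utf-8", "replace")
    return f"accept: user={user} port={AUTH_PORTS[dst_port]}"

# Constructed sample: Access-Request, id 42, User-Name "alice", NAS-Port-Type 5 (Virtual).
SAMPLE_ATTRS = b"\x01\x07alice" + b"\x3d\x06" + struct.pack("!I", 5)
SAMPLE = struct.pack("!BBH", ACCESS_REQUEST, 42, 20 + len(SAMPLE_ATTRS)) + bytes(16) + SAMPLE_ATTRS

if __name__ == "__main__":
    print(triage("192.0.2.10", 1812, SAMPLE, ["192.0.2.10"]))
```

Because a UDP source address can be forged, this check works alongside the RADIUS shared secret rather than replacing it.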
