Enterasys Networks Network Card User Manual

86

RiverMaster Administrator’s Guide

Adding an Authorization Plug-In

Chapter 4

Setting Up Aurorean Services

11 In the Timeout field, enter the number of seconds the APS should

wait before resending an authentication request.

If the RADIUS server fails to respond to an authentication request
within the time specified, the APS automatically resends the request.
Depending upon the type of RADIUS server you use, set this field as
follows:

12 In the Retry field, enter the number of times the APS should resend

an authentication request.

For example, when this field is set to 2, the APS resends an
authentication request twice before declaring the RADIUS server
unreachable. Depending upon the type of RADIUS server you use,
set this field as follows:

13 If you were unable to create an Enterasys group on your RADIUS

server and need to reuse an existing group attribute, enter the
attribute number in the Group Attrib. field.

Authentication messages passed between the APS and the RADIUS
server must carry a group attribute. If the RADIUS server
management application prevented you from creating an Enterasys
group attribute, you can take over a pre-defined attribute and use it
for VPN authentication. For example, the standard attribute Login-
LAT-Group can be used by entering its number, 36, in this field. For a
complete list of attribute numbers, refer to the IETF RFC 2138.

Server Type

Recommended Value

Steel-Belted RADIUS

10 seconds

MS RADIUS

10 seconds

SecurID over RADIUS

30 seconds

Server Type

Recommended Value

Steel-Belted RADIUS

3 retries

MS RADIUS

3 retries

SecurID over RADIUS

1 retry