How Does RADIUS Control Management Access? – Dell POWEREDGE M1000E User Manual


Controlling Management Access

How Does RADIUS Control Management Access?

Many networks use a RADIUS server to maintain a centralized user database that contains per-user authentication information. RADIUS servers provide a centralized authentication method for:

• Telnet Access
• Web Access
• Console to Switch Access
• Access Control Port (802.1X)

Like TACACS+, RADIUS access control utilizes a database of user information on a remote server. Making use of a single database of accessible information—as in an Authentication Server—can greatly simplify the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.

For authenticating users prior to access, the RADIUS standard has become the protocol of choice for administrators of large accessible networks. To accomplish the authentication in a secure manner, the RADIUS client and RADIUS server must both be configured with the same shared password or “secret”. This “secret” is used to generate one-way encrypted authenticators that are present in all RADIUS packets. The “secret” is never transmitted over the network.

RADIUS conforms to a secure communications client/server model using UDP as a transport protocol. It is extremely flexible, supporting a variety of methods to authenticate and statistically track users. RADIUS is also extensible, allowing for new methods of authentication to be added without disrupting existing functionality.

As a user attempts to connect to the switch management interface, the switch first detects the contact and prompts the user for a name and password. The switch encrypts the supplied information, and a RADIUS client transports the request to a pre-configured RADIUS server.
