T.4 radius operation and configuration – Comtech EF Data CDM-625A User Manual

CDM-625A Advanced Satellite Modem

MN-CDM625A

Appendix T

Revision 3

T–4

T.4 RADIUS Operation and Configuration

RADIUS is available only when you configure the CDM-625A for IP or IP-ACM operating mode.

Enabling and disabling of RADIUS is possible only through:

•

The CDM-625A front panel;

•

The CDM-625A HTTP (Web Server) Interface Admin | Access page;

•

Issuance of Telnet remote commands.

With RADIUS enabled, any login attempt through the HTTP, Telnet, or Telnet CLI interfaces

results in the modem first contacting the RADIUS Client Server for authentication and

authorization before granting remote user access. Comtech EF Data provides three levels of user

access/login – Admin, Read/Write, and Read Only. Access to operations is controlled as follows:

User Access Login Level

Access Restriction(s)

Admin User (system*)

Full read/write access to all remote commands and queries via Telnet, Telnet CLI

(when unit is equipped with the Optional IP Packet Processor), and web pages

(including RADIUS configuration and control using the Admin | Access web page),

Read/Write User

•

No Access

to Admin- or IP Packet Processor-related Telnet remote

commands and queries, Telnet CLI, and web pages.

•

Full read/write access to all modem configuration and monitoring web pages

(except Admin).

Read-Only User

•

No Access

to Admin or IP Packet Processor-related web pages, Telnet remote

commands and queries, or Telnet CLI.

•

Read Only Access for all other web pages.

•

RADIUS does not

control user access to the CDM-625A Front Panel, serial-based

remote product management, or the SNMP user interface.

•

*System administration under the Admin User login privilege does not require

RADIUS.

•

Admin User credentials are stored in the modem, so login as Admin User does

not require the RADIUS Server connectivity.

•

SNMP access can be disabled using System Admin access.

Configuration of RADIUS features is possible only through the HTTP (Web Server) Interface

Admin | Access page, or by issuance of remote commands via Telnet. No configuration of

RADIUS is available from the CDM-625A front panel or through serial-based remote commands,

SNMP, or the Telnet CLI.

The modem is configurable with primary and secondary RADIUS server addresses. In the event

that the primary server is unavailable, the secondary server will be used to validate the user

name and password.