Enterasys Networks Security Router X-PeditionTM User Manual

VPN Configuration Overview

XSR User’s Guide 14-25

Authentication, Authorization and Accounting Configuration

The XSR’s AAA implementation handles all authentication, authorization and accounting of users
(Remote Access) and peer gateways (Site-to-Site). The components include:

•

Usernames and passwords for authentication

•

Associated group name for authorization of network services

•

IP addressing, including:

–

Virtual addresses from a local IP pool

–

DNS (primary and secondary) for remote access clients

–

WINS (primary and secondary) for remote access clients

•

Encryption settings for PPTP remote access clients

•

AAA per interface (for clients), for PPP, and debugging

•

Configuration for standard RADIUS. In addition to all the necessary values for
communicating securely with a RADIUS server, the XSR permits specifying a backup RADIUS
server for authentication failover. Refer to the table below for supported attributes.

Table 14-2 XSR-Supported RADIUS Attributes

Authentication

Accounting

Vendor-Specific

User-Name (1)

Acct‐Status‐Type (40)

MSCHAP Response (1)

User‐Password (2)

Acct‐Input‐Octets (42)

MSCHAP Error (2

NAS‐IP‐Address (4)

Acct‐Output‐Octets (43)

MSCHAP Domain (10)

Framed‐IP‐Address (8)

Acct‐Session‐Id (44)

MSCHAP Challenge (11)

Framed‐IP‐Netmask (9)

Acct‐Session‐Time (46)

MSCHAP MPPE Keys (12)

Framed‐MTU (12)

Acct‐Input‐Packets (47)

MPPE Send Key (16)

Reply‐Message (18)

Acct‐Output‐Packets (48)

MPPE Receive Key (17

Class (25)

Acct‐Terminate‐Cause (49)

MSCHAP2 Response (25)

State (24)

MSCHAP2 Success (26)

Vendor‐Specific (26)

NAS‐Identifier (32)

Login‐LAT‐Group (36

NAS‐Port‐Type (61)

EAP‐Message (79

Message‐Authenticator (80)