RADIUS

The system administrator and users with appropriate configuration rights can configure the SLC to use RADIUS to authenticate users attempting to log in using Telnet, SSH, or the console port.

Note: Users who are authenticated through RADIUS are granted port access through the port permissions on this page.

To configure the SLC to use RADIUS to authenticate users:

  1. Complete the following fields:

Enable RADIUS

Displays selected if you enabled this method on the User Authentication Methods page. If you want to set up this authentication method but not enable it immediately, clear the checkbox.

Note: If you enable RADIUS here, it automatically displays at the end of the order of precedence on the User Authentication page.

RADIUS Server #1

IP address or host name of the primary RADIUS server. This RADIUS server may be a proxy for SecurID.

Server #1 Port (optional)

Number of the TCP port on the RADIUS server used for the RADIUS service. If you do not specify an optional port, the SLC uses the default RADIUS port (1812).

Server #1 Secret

Text that serves as a shared secret between a RADIUS client and the server (SLC). The shared secret is used to encrypt a password sent between the client and the server. May have up to 128 characters.

RADIUS Server #2

IP address or host name of the secondary RADIUS server.

Server #2 Port

Number of the TCP port on the RADIUS server used for the RADIUS service. If you do not specify an optional port, the SLC uses the default RADIUS port (1812).

Server #2 Secret

Text that serves as a shared secret between a RADIUS client and the server (SLC). The shared secret is used to encrypt a password sent between the client and the server. May have up to 128 characters.

Timeout

The number of seconds (1-30) after which the connection attempt times out. The default is 30 seconds.

Custom Menu

If custom menus have been created (see the User Guide), you can assign a default custom menu to RADIUS users.

Escape Sequence

A single character or a two-character sequence that causes the SLC to leave direct (interactive) mode. (To leave listen mode, press any key.)

A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A.

This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport, tcp, or udp.

Break Sequence

A series of one to ten characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase “B” performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B.

Data Ports

The ports users are able to monitor and interact with using the connect direct command. U and L denote the PC Card upper and lower slots.

Listen Ports

The ports users are able to monitor using the connect listen command.

Clear Port Buffers

The ports whose port buffer users may clear using the set locallog clear command.

Power Outlets

Right to view and enter settings for power outlets (SLB only).

Note: Older RADIUS servers may use 1645 as the default port. Check your RADIUS server configuration to make sure.

  2. In the User Rights section, select the user group to which RADIUS users will belong:

Group

Select the group to which the RADIUS users will belong:

Default Users: This group has only the most basic rights (described above).

Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports.

Administrators: This group has all possible rights.

  3. Select or clear the checkboxes for the following rights:

Full Administrative

Right to add, update, and delete all editable fields.

Networking

Right to enter network settings.

Services

Right to enable and disable system logging, SSH and Telnet logins, SNMP, and SMTP.

Date/Time

Right to set the date and time.

SecureLinx Network

Right to view and manage SecureLinx units (e.g., SLPs, Spiders, SLCs).

Local Users

Right to add or delete local users on the system.

Remote Authentication

Right to assign a remote user to a user group and assign a set of rights to the user.

SSH Keys

Right to set SSH keys for authenticating users.

User Menus

Right to create or edit a custom user menu for the CLI.

Web Access

Right to access Web-Manager.

Reboot & Shutdown

Right to use the CLI or shut down the SLC and then reboot it.

Firmware & Configuration

Right to upgrade the firmware on the unit and save or restore a configuration (all settings).

Diagnostics & Reports

Right to obtain diagnostic information and reports about the unit.

Device Ports

Right to enter device port settings.

PC Card

Right to enter modem settings for PC cards.

Access Outlets

The power outlets users may monitor and configure. (SLB only)

  4. To save, click Apply.

Note: You must reboot the unit before changes will take effect.

See Also

Device Ports

User Authentication Methods

User Rights

Local and Remote Users

Local/Remote User Settings

NIS

LDAP

Kerberos

TACACS+