User Guide
246 Chapter 6 Configuring authentication
320818-A
The RADIUS menu displays.
The RADIUS menu includes the following options:
/cfg/domain 1/aaa/auth #/radius
followed by:
servers
Accesses the RADIUS servers menu, in order to
manage the external RADIUS servers configured for
the domain (see “Managing RADIUS authentication
servers using the CLI” on page 247).
vendorid <vendor ID>
Specifies the vendor-specific attribute used by the
RADIUS server to send group names to the Nortel
SNAS 4050. The default Vendor-Id is 1872 (Alteon).
To use a standard RADIUS attribute rather than the
vendor-specific one, set the vendor ID to 0 (see also
vendor type).
Note: If
authproto is chapv2, the Vendor-Id must
be set to 311 (Microsoft).
vendortype <vendor
type>
Specifies the Vendor-Type value used in combination
with the Vendor-Id to identify the groups to which the
user belongs. The group names to which the
vendor-specific attribute points must match names you
define on the NSNAS. The default is 1.
If you set the vendor ID to 0 in order to use a standard
RADIUS attribute (see vendor ID), set the vendor type
to a standard attribute type as defined in RFC 2865.
For example, to use the standard attribute Class, set
the vendor ID to 0 and the vendor type to 25.
domainid <domain ID>
Specifies the vendor-specific attribute used by the
RADIUS server to send domain names to the NSNAS.
The default Vendor-Id is 1872 (Alteon).
Note: If
authproto is chapv2, consider setting the
Vendor-Id for the domain to 10 (MS-CHAP-Domain).
domaintype <domain
type>
Specifies the Vendor-Type value used in combination
with the Vendor-Id to identify the domain. The default
is 3.
authproto pap|chapv2
Specifies the protocol used for communication between
the Nortel SNAS 4050 and the RADIUS server. The
options are:
•
pap — Password Authentication Protocol (PAP)
• chapv2 — Challenge Handshake Authentication
Protocol (CHAP), version 2
The default is PAP.