AWAN 3883/4/5 Access Server Configuration and Management Manual
AWAN 3883/4/5 Access Server Configuration and Management Manual—424242-001
13-1
13
Configuring Security for Remote Access
Users
This section describes how to set up authentication and authorization for remote access
users. Remote access includes remote-node access, remote-office access, and remote-
control access connections. Authentication is a function in which a user’s identity is
verified. Authorization is the creation of specific rights for a user once the user has been
authenticated.
Authentication Methods
The AWAN access server supports the following authentication methods:
•
RADIUS
•
SecurID
•
XTACACS
RADIUS
RADIUS is a local area network (LAN)-based host logon/password application for
which the AWAN access server can be a client. RADIUS authenticates and authorizes
remote users through a series of communications between the AWAN access server and
a RADIUS server. Once a user is authenticated, the AWAN access server provides the
remote user with access to the appropriate network services.
When a remote user dials into an AWAN access server, the user is prompted for a user
name and password. The AWAN access server uses this information to create a data
packet called an authentication request. The AWAN access server then encrypts the
password and sends it to the RADIUS server. If the RADIUS server cannot be reached,
the AWAN access server can send the request to an alternate RADIUS server.
If the user name and password are valid, the RADIUS server sends an authentication
acknowledgment to the AWAN access server that includes information about the user’s
network identity and service requirements.
Configuring RADIUS authentication is explained in Configuring Authentication
on
page 13-4.
Note. Configuring remote access is described in Section 9, Configuring Remote Access
Connections.