Users Manual of XGS-6350-24X4C
server that contains all user authentication and network service access information.
RADIUS has been implemented in a variety of network environments that require high levels of security while
maintaining network access for remote users.
Use RADIUS in the following network environments that require access security:
• Networks with multiple-vendor access servers, each supporting RADIUS. For example, access servers from several vendors use a single RADIUS server-based security database. In an IP-based network with multiple vendors' access servers, dial-in users are authenticated through a RADIUS server that has been customized to work with the Kerberos security system.
• Networks in which a user must only access a single service. Using RADIUS, you can control user access to a single host, to a single utility such as Telnet, or to a single protocol such as Point-to-Point Protocol (PPP). For example, when a user logs in, RADIUS identifies this user as having authorization to run PPP using IP address 10.2.3.4 and the defined access list is started.
• Networks that require resource accounting. You can use RADIUS accounting independent of RADIUS authentication or authorization. The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. An Internet service provider (ISP) might use a freeware-based version of RADIUS access control and accounting software to meet special security and billing needs.
RADIUS is not suitable in the following network security situations:
• Multiprotocol access environments. RADIUS does not support the following protocols:
    • AppleTalk Remote Access (ARA)
    • NetBIOS Frame Control Protocol (NBFCP)
    • NetWare Asynchronous Services Interface (NASI)
    • X.25 PAD connections
• Switch-to-switch situations. RADIUS does not provide two-way authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
6.2.1.2 RADIUS Operation
When a user attempts to log in and authenticate to an access server using RADIUS, the following steps
occur:
(1) The user is prompted for and enters a username and password.
(2) The username and encrypted password are sent over the network to the RADIUS server.
(3) The user receives one of the following responses from the RADIUS server:
a. ACCEPT—the user is authenticated.
b. REJECT—the user is not authenticated and is prompted to reenter the username and password, or
access is denied.
c. CHALLENGE—a challenge is issued by the RADIUS server. The challenge collects additional data
from the user.
d. CHANGE PASSWORD—a request is issued by the RADIUS server, asking the user to select a new










