|
|
|
In a network with many Avaya switches, tracking all of the user accounts on each of the switches can be difficult. You can centralize the user accounts by using a Remote Authentication Dial-In User Service (RADIUS) server.
RADIUS is a service that authenticates users when they attempt to log in to a Network Access Device (NAD) such as an Avaya switch. RADIUS typically runs on a Windows or Linux server; however, it can run on other platforms as well depending on the vendor.
RADIUS is a client/server architecture where each device that uses the RADIUS server is a RADIUS client. The client sends Access Request messages to the RADIUS server. These messages include the user’s login name, the password encrypted, and optional parameters depending on configuration.
IMPORTANT: The RADIUS Client and Server must be configured with the exact same parameters.
Once the RADIUS server receives the access request message, it searches its database for the user account. If it finds an account, the password is correct, and the optional parameters match, an Access Accepted message is returned to the RADIUS client indicating that the user account exists, the password was correct, and the user has a certain access type (for example: Administrative or Read-Only). If not found, the password is incorrect, or the optional parameters do not match, then an Access Rejected message is sent.
NOTE: Due to an interoperability issue, the P580 and P882 RADIUS client does accept Access Accept messages from Windows 2000 RADIUS servers. To resolve this issue, obtain Windows 2000 service pack 3 or later. After installing the latest service pack, set the Generate-Class-Attribute field to FALSE.
This interoperability issue occurs because Microsoft RADIUS server includes a Class attribute in Access Accept messages that the P580 and P882 RADIUS client does not support. With service pack 3, you can disable generation of a class attribute. For more information on this issue, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q297317.
|
|
|