RADIUS (Remote Authentication Dial In User Service) specifies the RADIUS protocol used for authentication, authorization and accounting, to differentiate, to secure and to account for the users. The RADIUS Server provides the option for a caller from/through Quadro to pass authentication and to be able to dial a specific number.
When a RADIUS client is enabled on the Quadro, and according to the configuration of AAA Required, the RADIUS server will be used to authenticate the user and/or to account for the call. This can be accomplished by automatic detection of the caller's number or a customized login prompt where the caller is expected to enter a username and password.
Transactions between the client and RADIUS server are authenticated through the use of a shared Secret Key, which is never sent over the network. In addition, user passwords are encrypted when sent between the client and RADIUS server to eliminate the possibility of a party viewing an unsecured network where they could determine a user's password. If no response from
the RADIUS server is returned after the Receive Timeout expires, the request is re-sent numerous times as defined in the Retry Count list. The client can also forward requests to an alternate server or
servers if the primary server is down or unreachable. An alternate server can be used after a number of failed tries to the primary server.
Once the RADIUS server receives the request, it validates the sending client. A request from a client for which the RADIUS server does not recognize must be silently discarded. If the client is valid, the RADIUS server consults a database of users to find the user whose name matches the request. The user entry in the database contains a list of requirements (username, password, etc.)
that must be met to allow access for the user. If all conditions are met, the user gets access to the Quadro Network.
The RADIUS Client Settings page contains the Enable RADIUS Client checkbox that enables RADIUS client on the Quadro.
Note: The RADIUS Client cannot be disabled if there is at least one route with RADIUS Authentication and Authorization or RADIUS Accounting value configured in the AAA Required drop down list at the Call Routing table. In order to be able to disable the RADIUS Client on the Quadro, appropriate routes should be removed first.
Other RADIUS Client settings are divided into three groups:
Registration Settings:
The Primary Server requires the IP address of the primary RADIUS server.
The Secondary Server requires the IP address of the secondary RADIUS server.
The NAT Station IP text fields require the NAT PC WAN IP address. If no NAT Station is specified here, Quadro's IP address will be sent to the RADIUS server. The IP-Clipboad button offers a conveniant possibility to enter IP addresses that have been used before.
Secret Key is used to insert the secret key between the RADIUS client and server. Contact
your RADIUS server administrator to get the secret key for your Quadro.
The Confirm Secret Key field is used to verify the secret key. If the entered Secret Key does not correspond to the one in the Confirm Secret Key field, the error message "The Secret Key do not match. Please try again " will appear.
Retry Count allows you to select the number of attempts authorized before canceling the registration.
Receive Timeout allows you to select the timeout (in seconds) between two attempts to register.
Encoding Type allows you to select the encoding type (PAP or CHAP) that should be unique on both client and server sides for successful connection establishment.
The encoding type should also be requested from the RADIUS server administrator.
Authorization Port text field requires the port number on the RADIUS server to which Quadro is to send the authentication requests.
Accounting Port text field requires the port number on the RADIUS server to which Quadro is to send the accounting messages.
Authentication Settings:
The Enable common login for all users in time of by Phone authentication checkbox enables custom settings for the callers who passed an authorization by phone on the Quadro. This checkbox enables Username and Password text fields to insert the custom settings that will stand instead of the source caller's settings when being delivered to the RADIUS server.
The Authentication on Destination RADIUS Server parameters group is used to insert a Username and a Password followed by the password confirmation) to pass authentication on the RADIUS Server of the destination Quadro. If these fields are left empty, the original authentication settings that users enter for authentication will be used.
Accounting Settings:
The Username field is dedicated for accounting services only. It is used to insert an identification username for accounting purposes. When no username is specified in this field, the source username will be used for accounting.
The Send Accounting messages manipulation radio buttons group is used to select sending both Start and Stop accounting messages or only Stop accounting message.