RADIUS return attributes

Issue:

RADIUS return attributes for the JS8500, JS4000, LS2000, CS9000 and Iolan SDS.

The following port Service will require the RADIUS profile/policy to be configured to return these attributes for connection:

Solution:

Below are examples of Radius Access-Accept Messages (return attributes) that are configurable for a required service:

For local port login, Reverse Telnet or Reverse SSH (CS9000 and Iolan SDS only) with security:
Service-Type = NAS Prompt

For Silent Telnet connection:
Service-Type = Login
Login-Service = Telnet
Login-IP-Host = xxx.xxx.xxx.xxx
Login-TCP-Port = 23

For PPP dial-in:
Service-Type = Framed (or Callback-Framed)
Framed-Protocol = PPP

Other PPP/SLIP RADIUS Access-Accept Messages supported:

Framed-Address = PPP Remote IP address
Framed-Netmask = subnet mask
Framed-MTU
Framed-Compression
Idle-Timeout
Session-Timeout
Callback-Number

For the CS9000 (v3.5.0+) and Iolan SDS vendor specific RADIUS attributes using the Easy Port menu refer to your manual and the links below.

These units only send the following RADIUS Account Request Messages:

User-Name
User-Password
Service-Type = Framed
NAS-IP-Address = server IP address
NAS-Port = port number that user is connecting to.

Note: these device servers send the password using PAP except the Iolan SDS which used CHAP.

Related Articles:
1.) Using RADIUS vendor specific attributes for the CS9000 on Steel Belted Radius
2.) Using vendor specific attributes with the CS9000 and IAS


Article ID:
 369
Published:
 7/18/2003 9:03:16 AM
Last Modified:
 5/1/2007 8:10:35 AM
Issue Type:
 Configuration