
Feedback
Search
Index
Contents
What's New?
Home
PolicyCenter Home
Overviews
Recommendations
Tasks
	Setup
		Run Guided Setup
		Modify Settings
		Basic Settings
		Traffic Shaping
		Security
		HTTPS Settings
		SSH Settings
		RADIUS
		Management Port
		Flow Detail Records
		Date and Time
		Upgrade Software
		Download Plug-Ins
		Email
		SNMP
		Failover
		High Availability
		Reset Tree
		Reboot Unit
		Reset Unit
		System Variables
		Frame Relay
		ATM
	Classification
	Traffic Tree Mgmt.
	Monitoring
	Partitions
	Policies
	Graphs & Reports
	Measurement
	Event Notification
	Response Time
	Xpress
	Administration
	Customer Portal
	Adaptive Response
	Direct Standby
	Watch Mode
	Auto-deployment
	PolicyCenter Units
	PolicyCenter Config.
	PolicyCenter Admin.
Reference
Product Information
Documents

Log In and Out with RADIUS

Logging In with RADIUS

After RADIUS authentication and/or accounting is enabled, the user will be prompted for a user name and password when logging into the PacketWise browser interface, command-line interface, or customer portal or when FTPing to the unit. The user name can be up to 63 ASCII characters and may include a realm. The RADIUS client consults the configured RADIUS server to determine whether the user has access to the unit and verifies that the password is correct. The RADIUS client first tries the primary server, and if it doesn't respond within the specified retry interval, the secondary server (if configured) is tried. If there is still no response, the client repeats the primary/secondary cycle up to the specified retry limit. (Note: The retry limit and retry interval are specified on the RADIUS Client Settings page.)

When logging in, the user can leave the login field blank and use only the local look or touch password. This allows the user to log in without authenticating through the RADIUS server. This is especially useful when the RADIUS server is down or if PacketWise is unable to connect to the RADIUS server. However, the local login technique does not record user names for auditing purposes.

Note: Some FTP clients send a default user name when you press Enter during login. If you don't want to use RADIUS authentication when logging into an FTP server, you can enter the user name forceLocal and then specify the local touch password.

Any failed login attempts will be sent to a Syslog server, if one has been defined. See Set Up Syslog.

Logging Out

For audit trail and security purposes, users should explicitly log out of PacketWise:

To log out of the browser interface, click the logout button on the Info page. show screen
To log out of the command-line interface, type exit.

Logging out discards session content and generates a RADIUS accounting PW_STATUS_STOP message for the user. If a user doesn't explicitly log out, PacketWise will automatically time out after one hour of inactivity (although the time may be learned per-session from the RADIUS server). When a PacketWise browser session times out, a "timed out" or "unknown session" message appears the next time the user attempts to use PacketWise. When a remote login (such as Telnet) session times out, PacketWise sends a "timed out" message and disconnects. Note that asynchronous sessions do not time out.