
Feedback
Search
Index
Contents
What's New?
Home
PolicyCenter Home
Overviews
Recommendations
Tasks
	Setup
		Run Guided Setup
		Modify Settings
		Basic Settings
		Traffic Shaping
		Security
		HTTPS Settings
		SSH Settings
		RADIUS
		Management Port
		Flow Detail Records
		Date and Time
		Upgrade Software
		Download Plug-Ins
		Email
		SNMP
		Failover
		High Availability
		Reset Tree
		Reboot Unit
		Reset Unit
		System Variables
		Frame Relay
		ATM
	Classification
	Traffic Tree Mgmt.
	Monitoring
	Partitions
	Policies
	Graphs & Reports
	Measurement
	Event Notification
	Response Time
	Xpress
	Administration
	Customer Portal
	Adaptive Response
	Direct Standby
	Watch Mode
	Auto-deployment
	PolicyCenter Units
	PolicyCenter Config.
	PolicyCenter Admin.
Reference
Product Information
Documents

Configure RADIUS Authentication Service

RADIUS authentication is an optional method for users to log into the PacketWise browser interface, command-line interface, and customer portal. Using third-party RADIUS servers enables you to have central configuration of user accounts.

Note: To perform this task from PolicyCenter, you must first select a configuration from the Editing Configuration drop-down list at the top of the page.

In addition to configuring the server as described below, you need to do some configuration at the RADIUS server or Internet Authentication Service so that it will work with PacketWise.

To configure PacketWise to work with a RADIUS authentication server:

1. Click the setup tab.

2. From the Choose Setup Page list, choose RADIUS Client. The RADIUS Client Settings screen appears. show screen

3. In the Authentication field, select on.

4. Select an Authentication method: PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol).

Note: With PAP, both the username and password are transmitted in clear text — that is, in an unencrypted form. PAP support is provided for those environments that use a password database external to the RADIUS server. In other environments, CHAP may be preferred for greater security.

5. In the Primary Authentication Host field, enter the IP address or DNS name of the RADIUS server.

6. Optional: To access the RADIUS server with a specific port, enter a number in the Port field.

If the field is left blank, the default port will be used.

7. In the Shared Secret field, enter the designated secret.

8. Optional: Specify a Secondary Authentication Host to use in case the primary RADIUS server is not accessible. Be sure to specify its Shared Secret as well.

9. If necessary, adjust the Retry limit.

By default, if the RADIUS server fails to respond, the RADIUS client will try to log onto the server three times before reporting a server failure. You can select a value between 1 and 10. If you have specified a secondary authentication host, the RADIUS client will alternate attempts to log onto each server.

10. If necessary, adjust the Retry interval.

By default, the RADIUS client waits 5 seconds before retrying a login when the RADIUS server fails to respond. You can select a value between 1 and 30 seconds.

11. Click apply changes.

After you have configured a RADIUS authentication server, users will be prompted for a user name and password when logging into PacketWise. For more information, see Log In and Out.