DCFM Professional Plus User Manual (53-1001774-01, June 2010)
Authentication
The Authentication function enables you to configure an authentication server and establish
authentication policies. By default, authentication is configured to the local database. If you
configure primary authentication to a Radius server, an LDAP server, or switch authentication, you
can also configure secondary authentication to the local server. When you log in to the
Management application, if the primary server is unavailable, the Management application
tries the next configured primary server. If all primary servers are unavailable, the
Management application falls back to the secondary authentication. Fallback occurs only when a
server is unavailable, not when authentication fails for another reason (for example, invalid
credentials).
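The fallback rule above, modeled as an added example (not code from the Management application). The Server class, the probe callback, and the sample servers and passwords are hypothetical; the timeout and attempt ranges are the ones listed for Radius servers in the next section.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered and refused the credentials
    UNAVAILABLE = "unavailable"  # no answer within the timeout

@dataclass
class Server:
    name: str
    probe: Callable[[str, str, int], Result]  # hypothetical one-attempt transport
    timeout: int = 3   # seconds per attempt; manual: default 3, range 1-15
    attempts: int = 3  # manual: default 3, range 1-5
    def __post_init__(self):
        if not 1 <= self.timeout <= 15 or not 1 <= self.attempts <= 5:
            raise ValueError(f"{self.name}: timeout must be 1-15, attempts 1-5")
    def query(self, user: str, password: str) -> Result:
        # Retry only while the server stays silent; any answer is final.
        for _ in range(self.attempts):
            result = self.probe(user, password, self.timeout)
            if result is not Result.UNAVAILABLE:
                return result
        return Result.UNAVAILABLE

def authenticate(user, password, primaries, secondary: Optional[Server] = None):
    """Return (result, trail); trail lists each server consulted, in order."""
    trail = []
    for server in list(primaries) + ([secondary] if secondary else []):
        result = server.query(user, password)
        trail.append((server.name, result))
        if result is not Result.UNAVAILABLE:
            return result, trail  # ACCEPT or REJECT ends the chain: no fallback
    return Result.UNAVAILABLE, trail

def make_probe(accounts, up=True):
    """Constructed stand-in for a server; accounts maps user -> password."""
    def probe(user, password, timeout):
        if not up:
            return Result.UNAVAILABLE
        return Result.ACCEPT if accounts.get(user) == password else Result.REJECT
    return probe

# Constructed sample servers (names and passwords are made up for this example).
radius1 = Server("radius1", make_probe({}, up=False))
radius2 = Server("radius2", make_probe({"alice": "radius-pw"}))
radius2_down = Server("radius2", make_probe({}, up=False))
local = Server("local", make_probe({"alice": "local-pw"}))
```

While radius2 answers, a valid local password is still rejected; the local database decides only when every primary is silent, so recording the trail shows which logins were granted under fallback.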
Configuring a Radius server
If you are using a Radius server for authentication, make the following preparations first:
• Select an Authentication Type (you will be prompted to provide a type in the Add or Edit Radius
Server dialog box). The Authentication Type is the authentication policy you choose for handling
authentication. The options are PAP and CHAP.
- PAP, password protected protocol, is based on password verification. Passwords are not
encrypted, and are not secure from eavesdroppers during transmission.
- CHAP, challenge handshake protocol, uses a three-way handshake method of verification
based on a shared secret. If you are using CHAP, have the shared secret available to you.
You will need to type it in as a configuration parameter.
• Know the Shared Secret.
• Have the IP address of the server available.
• Know the TCP port you are using. For Radius servers, ports 1812 or 1645 (actually UDP ports)
are commonly used. Check with the Radius server vendor if you are not sure which port to
specify.
• Know how long you want to wait between attempts to reach the server if it is busy. This is
expressed as a timeout value in seconds (default is 3 seconds). Values are between 1 and 15.
• Determine how many attempts (default is 3 times) to make to reach the server before stopping
and assuming it is unreachable. Values are between 1 and 5.
• If possible, establish an active connection with the Radius server before configuration. This
enables you to test the connection as part of the configuration procedure.
1. Select the Authentication tab.
2. For Primary Authentication, select Radius Server.
3. Click Add.
The Add or Edit Radius Server dialog box displays.
4. Enter the Radius server’s IP address in the IP Address field.
5. Enter the TCP port used by the Radius server in the TCP Port field.
6. Select the authentication policy (PAP or CHAP) from the Authentication Type field.
7. Enter the shared secret in the Shared Secret and Confirm Secret fields.