This lesson describes how to configure radius authentication for management access on EAGLE20/One
Configure Radius Server
In the webinterface navigate to Security -- External Authentication -- RADIUS Server
and specify the IP address, port and secret of the radius server
CLI command:
!*(Hirschmann Eagle) (config)#radius server 1 modify ip-address <ip address> port 1812 secret <shared secret>
!*(Hirschmann Eagle) (config)#radius server 1 status enable
Configure Authentication list
Navigate to Security -- External Authentication -- Authentication List
1. Create a new entry 'radiuslist' with first method 'radius'
2. Specify 'radiuslist' as authentication list for unknown system login users
CLI commands:
!*(Hirschmann Eagle) (config)#authentication login radiuslist add
!*(Hirschmann Eagle) (config)#authentication login radiuslist set radius
!*(Hirschmann Eagle) (config)#authentication login radiuslist enable
!*(Hirschmann Eagle) (config)#authentication login radiuslist default
SNMP over HTTPS
Enable SNMP over HTTPS otherwise radius authentication does not work for webinterface login.
Radius Server Configuration
Service-Types
e.g. freeradius server:
Service-Type = NAS-Prompt-User - Management Read-Only User
Service-Type = Administrative-User - Management Read-Write User
There is no access without valid service-type
Deutsch