メインコンテンツへスキップ

Radius-Authentifizierung für den Management-Zugriff - ナレッジベース / Products / Classic Firewalls - Belden Support Center

Radius-Authentifizierung für den Management-Zugriff

 

This lesson describes how to configure radius authentication for management access on EAGLE20/One

Configure Radius Server

In the webinterface navigate to Security -- External Authentication -- RADIUS Server
and specify the IP address, port and secret of the radius server

CLI command:
!*(Hirschmann Eagle) (config)#radius server 1 modify ip-address <ip address> port 1812 secret <shared secret>
!*(Hirschmann Eagle) (config)#radius server 1 status enable

Configure Authentication list

Navigate to Security -- External Authentication -- Authentication List
1. Create a new entry 'radiuslist' with first method 'radius'
2. Specify 'radiuslist' as authentication list for unknown system login users

CLI commands:

!*(Hirschmann Eagle) (config)#authentication login radiuslist add
!*(Hirschmann Eagle) (config)#authentication login radiuslist set radius
!*(Hirschmann Eagle) (config)#authentication login radiuslist enable
!*(Hirschmann Eagle) (config)#authentication login radiuslist default

SNMP over HTTPS

Enable SNMP over HTTPS otherwise radius authentication does not work for webinterface login.

Radius Server Configuration

Service-Types
e.g. freeradius server:

Service-Type = NAS-Prompt-User - Management Read-Only User
Service-Type = Administrative-User - Management Read-Write User

There is no access without valid service-type