
INFO: Setting up Radius Authentication


This article applies to:

  • R3000

Question:

Setting up Radius Authentication

Reply

Setting up Radius Authentication

The Radius feature uses a Radius accounting server that determines which accounts will be filtered and how they will be filtered. The user profile in the Radius accounting server holds the filter definition for the user. Depending on your network setup, there may be more than one accounting server. There may also be a client (a Network Access Server, or NAS, or a proxy server) that sends accounting request packets to the Radius accounting server.

The filter definition for the user must be a Class Attribute 25 (String). As an example:

xstop:Rule4

Rule4 would be a preconfigured Rule defined on the R3000, and xstop:Rule4 is the Class Attribute for the Radius user profile.

Enable Radius

The Radius Mode is Off by default. To use Radius, click the On radio button. This action displays the Radius Authentication Settings frame.

Specify Radius Authentication Settings

1. In the Radius Server field, 1.2.3.9 displays by default. Enter the IP address of the Radius accounting server.

2. In the Radius Port number field, 1813 displays by default. Change this number only if the Radius accounting server uses a different port number.

3. In the Byte Order Mode field, specify the format in which bytes will be transferred:

- Click the radio button corresponding to Network Byte Order to transfer the most significant byte first.

- Click the radio button corresponding to Host Byte Order to use the byte order stored in the server (big endian or little endian order).

NOTE: The byte order should match the setting on the Radius accounting server.

4. In the Forward Mode field, specify whether accounting request packets will be delivered from the client (NAS or proxy server) to the Radius accounting server.

To enable the Forward Mode option:

- Click the On radio button. The NAS will forward accounting request packets to the Radius accounting server.

- Check the box for Use R3000 IP as Source IP, if the IP address of the R3000 server (eth0 or eth1) should be used when forwarding packets instead of the IP address of the NAS.

To disable the Forward Mode option, click the Off radio button. This action causes the Use R3000 IP as Source IP field to display greyed out.

5. In the Reply Mode field, specify whether the server that sent a request should receive a response.

To enable the Reply Mode option:

- Click the On radio button. A reply and accounting response packet will be submitted to the sender (NAS or Radius server).

- Enter an Authenticated Phrase to be shared by the Radius server and NAS.

- At the Copy Proxy State field, click the On radio button if you wish to copy the proxy state attribute to the packet.

NOTE: The copy proxy state attribute will only be added to the response packet if the Reply Mode is On. If the Radius accounting server is in the Forward Mode and the Reply Mode is Off, the copy proxy state attribute will be forwarded to the destination server, but no reply will be sent back to the client.

Apply Settings

Click Apply to save your settings.

----------------------

The R3000 requires the following information from the Radius accounting server:

For the logons:
1. User
2. Framed_ipaddr
3. Acct_status{Start}
4. Class

For the logoff:
1. Framed_ipaddr
2. Acct_status{stop}
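
A way to check accounting packets against the two lists above before pointing the NAS at the R3000. This is an added example, not Trustwave code: it assumes the listed fields map to the standard RADIUS attributes User-Name (1), Framed-IP-Address (8), Class (25) and Acct-Status-Type (40), decodes integers in network byte order, and uses constructed sample packets.

```python
import struct

# Attribute numbers and packet codes from RFC 2865/2866.
USER_NAME, FRAMED_IP, CLASS, ACCT_STATUS = 1, 8, 25, 40
ACCOUNTING_REQUEST, START, STOP = 4, 1, 2


def build_request(attrs, ident=1):
    """Build a constructed Accounting-Request (authenticator zeroed, not verified here)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", ACCOUNTING_REQUEST, ident, 20 + len(body), b"") + body


def parse_attrs(packet):
    """Return {attribute type: value bytes}, rejecting malformed lengths."""
    length = len(packet)
    if length < 20 or packet[0] != ACCOUNTING_REQUEST or struct.unpack("!H", packet[2:4])[0] != length:
        raise ValueError("not a well-formed Accounting-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


def missing_fields(packet):
    """List the fields the article requires that this packet lacks."""
    attrs = parse_attrs(packet)
    status = attrs.get(ACCT_STATUS, b"")
    kind = struct.unpack("!I", status)[0] if len(status) == 4 else None
    if kind not in (START, STOP):
        return ["Acct_status"]
    needed = {FRAMED_IP: "Framed_ipaddr"}
    if kind == START:  # a logon also needs the user name and the filter definition
        needed.update({USER_NAME: "User", CLASS: "Class"})
    return [name for t, name in needed.items() if not attrs.get(t)]


# Constructed sample packets (documentation address, made-up user name).
IP = bytes([192, 0, 2, 10])
LOGON = build_request([(USER_NAME, b"jdoe"), (FRAMED_IP, IP),
                       (ACCT_STATUS, struct.pack("!I", START)), (CLASS, b"xstop:Rule4")])
LOGOFF = build_request([(FRAMED_IP, IP), (ACCT_STATUS, struct.pack("!I", STOP))])
NO_CLASS = build_request([(USER_NAME, b"jdoe"), (FRAMED_IP, IP),
                          (ACCT_STATUS, struct.pack("!I", START))])

if __name__ == "__main__":
    print([missing_fields(p) for p in (LOGON, LOGOFF, NO_CLASS)])
```

A logon packet that arrives without the Class attribute carries no filter definition, so this is the case worth catching first.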

------------------------

Radius string examples:

xstop:A, R PORN, 1

Make sure there is no space after the word "xstop". This would be WRONG: "xstop: A"

More examples:

To block the Pornography category, and deliver a custom block page:
xstop:B 80 I,J R GPORN I, 1,http://www.company.com/blockpage.html

To use a pre-defined Rule instead of specifying categories:
xstop:Rule6,http://www.company.com/blockpage.html

To use a Rule, deliver a custom block page, and enable filtering options (in this case, Yahoo/Google/Ask/AOL Safe Search Enforcement):
xstop:Rule6,http://www.company.com/blockpage.html,0x5
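
A linter for Class strings before they go into a Radius user profile, run here over the strings shown in this article. This is an added example, not Trustwave code: it assumes the optional block page URL and hexadecimal options value come last, in the order the examples use, and it treats the category profile text as opaque rather than interpreting it.

```python
import re

PREFIX = "xstop:"
RULE_RE = re.compile(r"Rule\d+\Z")
OPTIONS_RE = re.compile(r"0x[0-9A-Fa-f]+\Z")
MAX_ATTR_VALUE = 253  # a RADIUS attribute value is at most 253 bytes


def parse_class(value):
    """Split an xstop Class string into profile, block page URL and options."""
    if len(value.encode()) > MAX_ATTR_VALUE:
        raise ValueError("too long for a single RADIUS attribute")
    if not value.startswith(PREFIX):
        raise ValueError("must start with 'xstop:'")
    rest = value[len(PREFIX):]
    if not rest or rest[0].isspace():
        raise ValueError("no space allowed after 'xstop:'")
    fields = rest.split(",")
    options = url = None
    # Peel trailing fields off the end: options value first, then the URL.
    if len(fields) > 1 and OPTIONS_RE.match(fields[-1].strip()):
        options = int(fields.pop().strip(), 16)
    if len(fields) > 1 and fields[-1].strip().lower().startswith(("http://", "https://")):
        url = fields.pop().strip()
    profile = ",".join(fields)  # kept verbatim; its syntax is not interpreted here
    rule = profile if RULE_RE.match(profile) else None
    return {"rule": rule, "profile": profile, "block_page": url, "options": options}


def lint(values):
    """Map each rejected Class string to the reason it was rejected."""
    problems = {}
    for value in values:
        try:
            parse_class(value)
        except ValueError as exc:
            problems[value] = str(exc)
    return problems


# The strings from this article, including the one it marks as WRONG.
SAMPLES = [
    "xstop:Rule4",
    "xstop:A, R PORN, 1",
    "xstop:B 80 I,J R GPORN I, 1,http://www.company.com/blockpage.html",
    "xstop:Rule6,http://www.company.com/blockpage.html",
    "xstop:Rule6,http://www.company.com/blockpage.html,0x5",
    "xstop: A",
]
```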


This article was previously published as:
8e6 KB 300308
