Provisioning Operators using a RADIUS Server
ARM allows using the enterprise's external RADIUS server for operator login authentication. This feature is available in addition to local operator login authentication described under Manually Provisioning an Operator in the ARM's Operators Page. Only operators with a security level of 'Security_Admin' can edit RADIUS authentication server attributes.
● The default AudioCodes dictionary definition must be used with the RADIUS authentication server for the operator’s role definition (same as for the SBC or OVOC).
● Enabling and using both the LDAP server and the RADIUS server for authentication is not allowed.
➢ To add a RADIUS operator login authentication server:
1. Open the RADIUS Authentication page (Settings > Administration > RADIUS Authentication).
Only operators with a security level of Admin can edit RADIUS authentication server parameters.
2. Configure the RADIUS Authentication Server parameters using the following table as reference.
RADIUS Authentication Server Parameters
Parameter | Description
---|---
Enable RADIUS Authentication | Drag the slider to the 'On' position to enable operator login authentication using a RADIUS authentication server. Default: 'Off' position (disabled).
Server IP | Enter the IP address of the RADIUS authentication server host (in dotted-decimal notation).
Server port | Enter the RADIUS authentication server's port number. Default: 1812
Server secret | Enter the 'secret' for authenticating the RADIUS server: it should be a cryptographically strong password. The secret is used by the ARM Configurator to verify authentication of RADIUS messages sent by the RADIUS server (i.e., message integrity). By default, no value is defined.
RADIUS retransmit timeout (msec) | If no response is received from the RADIUS authentication server, the ARM Configurator can be configured to resend packets to it. Enter the time (in milliseconds) the ARM Configurator must wait for the RADIUS server to respond before sending a retransmission.
RADIUS auth number of retries | Enter the maximum number of retransmissions the ARM Configurator performs if no response is received from the RADIUS authentication server.
Default Security Policy | Select either:
NAS IP Address | Indicates the IP address of a network access server (NAS). A NAS can be used in the RADIUS authentication process. The NAS acts as the gateway between the user and the wider network. When a user attempts to obtain network access, the NAS passes authentication information (for example, user name and password) between the user and the RADIUS server.
NAS Port | Indicates the physical port number of the network access server.
NAS Identifier | A specific string that identifies the specific NAS server.
Additional attribute name | Option to add another attribute in the RADIUS authentication process. To use this option, enter properties in the field.
Additional attribute value | Option to add another attribute in the RADIUS authentication process. To use this option, enter properties in the field.
Test | Click this Test button to test general connectivity.
3. Connectivity with the RADIUS authentication server can also be tested for specific credentials by clicking the Test button located under the screen section 'Test Connectivity', after configuring the Test Connectivity parameters described in the following table.
Test Connectivity for Specific Credentials
Parameter | Description
---|---
Name | If 'Name' is undefined (empty), the connectivity test checks if the RADIUS authentication server can be logged into per the values defined under the 'RADIUS Authentication Server' parameters. If you enter a user name, the connectivity test checks that it's valid for logging into the ARM. Enter the user name assigned to the RADIUS server.
Password | If 'Password' is undefined (empty), the connectivity test checks if the RADIUS authentication server can be logged into per the values defined under the 'RADIUS Authentication Server' parameters. If you enter a user password, the connectivity test checks that it's valid for logging into the ARM. Enter the password required for accessing the RADIUS server.
RADIUS Connectivity Test Result
4. View the result of the RADIUS server connectivity test; the figure on the left shows a successful test while the figure on the right shows a failed test.
If RADIUS authentication is enabled, the order used to authenticate operator login is:
● RADIUS
● Local storage (Database)
If the RADIUS server is down or if the operator can't be authenticated with the RADIUS server because either the operator isn't found or the password doesn't match, the local operators table is used.
5. Configure authentication order. For more information, see Managing Authentication Order.
6. Click Submit.
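The 'Server secret' parameter above is what lets a RADIUS client confirm that a reply came from the configured server and was not changed in transit. The following is an added example, not AudioCodes code: it implements the Response Authenticator check defined in RFC 2865, and the secret, packet values and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3  # RADIUS codes from RFC 2865


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: sign the reply with the shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: return the reply code, or None if the reply must be dropped."""
    if len(packet) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or not 20 <= length <= len(packet):
        return None
    attrs = packet[20:length]
    expected = response_authenticator(code, rid, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code


def demo():
    # Constructed sample values, not taken from any real deployment.
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))  # normally 16 random bytes per request
    reject = build_response(ACCESS_REJECT, 7, b"", request_auth, secret)
    # A Reject whose code byte is rewritten to Accept without knowing the secret.
    altered = bytes([ACCESS_ACCEPT]) + reject[1:]
    return {
        "genuine": verify_response(reject, 7, request_auth, secret),
        "wrong_secret": verify_response(reject, 7, request_auth, b"other"),
        "altered": verify_response(altered, 7, request_auth, secret),
    }


if __name__ == "__main__":
    print(demo())
```

A mismatch between the secret entered in the ARM and the one configured on the RADIUS server produces the same outcome as the `wrong_secret` case: every reply fails verification and is discarded.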