RADIUS

Overview

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users that connect and use a network service.

VEGA has built-in RADIUS client function, with which you can easily connect to your existing RADIUS services.

Vega can optionally be configured to use a RADIUS server to authenticate users when logging in. On logging in the Vega sends the username and password to the configured radius server for verification rather than holding the password locally.
The permissions for the user will be held locally on the Vega. There is a 2 second timeout for the radius login. If the Vega doesn’t receive a radius server response in 2 seconds, the login will fail.

NOTE: VEGA doesn't provide RADIUS server functionality

Below is the call flow for RADIUS Authentication and Authorization and RADIUS Accounting:

 

                                     RADIUS Authentication and Authorization Flow:

                                     

 

RADIUS Accounting Flow:

                                   

Configuration

Radius configuration is present within “RADIUS Accounting” option under “Logging Tab” of “Expert Config Section” (i.e. Expert Config Section-> Logging and edit “RADIUS Accounting”) as show below: 

 

As shown in above figure Vega Radius Accounting configuration is divided in to two parts:

  1.  RADIUS Configuration

  2. RADIUS Server Configuration

RADIUS Client Configuration

RADIUS client configuration mainly has configuration like:

  • On which lan profile (ip) RADIUS client need to be configured

  • Hostname

  • Timer Values like Retry time

  • Maximum Number of Retries

  • Overload Session ID i.e. basically to select the format like vega specific format or cisco VSA format or any other.

RADIUS Server Configuration

As name suggest this mainly has configuration with respect to RADIUS Server like:

  • IP/Domain Name at which radius server is configured

  • Authenticating port

  • Accounting port

  • Secret i.e. password of RADIUS server

  • Enable in order to enable that respect radius server on VEGA

In order to Use RADIUS authentication for user login RADIUS login needs to be enable.If the RADIUS login is not set and the user attempts to login via a console (serial) session RADIUS login authentication will not be used.
The user password will be checked against the one configured in the Vega. If the RADIUS login is set then RADIUS authentication will be used for all logins, including serial access.

RADIUS login configuration is present within “User Administration” option under “System Tab” of “Expert Config Section” (i.e. Expert Config Section-> System and edit “User Administration”) as show below:
 

Troubleshooting

  1. You can easily troubleshoot RADIUS message flow by filtering wireshark pcap trace by filter "radius".

  2. VEGA only has RADIUS client functionality; for RADIUS server, we can either use existing RADIUS server if present any, or download and install the great open source FreeRadius from www.freeradius.org.
    In order to check how to configure FreeRadius with VEGA please refer to VEGA with FreeRadius.

  3. Here below is the screen capture of one RADIUS Accounting pcap trace:

 

               

Return to Documentation Home I Return to Sangoma Support