A RADIUS client is a mechanism to communicate with a central server to authenticate users and authorize access to the controller, service platform or access point managed network.
The client and server share a secret (a password). That shared password followed by the request authenticator is put through a MD5 hash algorithm to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client received a verified access accept packet, and if the username and password are correct, then the user is authenticated. If the client receives a verified access reject message, the user is not authenticated.
To define a RADIUS client configuration:
|IP Address/Mask||Specify the IP Address and mask of the RADIUS client authenticating with the RADIUS server|
|Shared Secret|| Specify a Shared Secret for authenticating the RADIUS
Shared secrets verify RADIUS messages with a RADIUS enabled-device configured with the same shared secret