HMAC-MD5 authentication used in RADIUS is allowed in FIPS mode.
RADIUS allows peer-to-peer authentication or client-to-server authentication.
Radius over TLS is supported in the FIPS mode.
Note
For more information on RADIUS authentication commands, refer to the Extreme NetIron Command Reference and the Extreme NetIron Routing Configuration Guide.
When TLS is used with OCSP during chain certificate validation or when stunnel is used as proxy TLS server for RADIUS, it is recommended to maximize the connection timeout for RADIUS. RADIUS timeout can be set to a maximum value of 12 seconds using the following command.
config# radius-server-timeout <val 3-12secs>