Using RADIUS


A Network Access Server (NAS, e.g., a Router) operates as a client of RADIUS. The RADIUS client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user.

Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone snooping on an unsecured network could determine a user's password.

There has been some confusion in the assignment of port numbers for this protocol. The early deployment of RADIUS was done using the erroneously chosen port number 1645, which conflicts with the "datametrics" service. The officially assigned port number for RADIUS is 1812. So, be sure which port your RADIUS server uses before configuring it in the Prestige.

[Note]: The Prestige is configured with default port 1645, please reboot the Prestige it is changed to 1812.


  1. Get Radius application S/W and install it first.
  2. If the callback feature is required, please add the following ZyXEL proprietary attributes in the 'Dictionary' file which generally locates in the Radius installation folder. Please note, when editing RADIUS files some RADIUS servers do not suggest DOS Editor or Notepad. So, you can try Wordpad instead.   
# Zyxel proprietary attributes
ATTRIBUTE Zyxel-Callback-Option 192        integer 
VALUE     Zyxel-Callback-Option None       0
VALUE     Zyxel-Callback-Option Optional   1
VALUE     Zyxel-Callback-Option Mandatory 2

# Zyxel Callback phone number source
ATTRIBUTE Zyxel-Callback-Phone-Source 193           integer 
VALUE     Zyxel-Callback-Phone-Source Preconfigured 0
VALUE     Zyxel-Callback-Phone-Source User          1

3. Enter the RADIUS client IP and the encrypted key in the 'Clients' file. See an example below.

# This file contains a list of clients which are allowed to make 
# authentication requests and their encryption key.
# The first field is a valid hostname for the client.
# The second field (separated by blanks or tabs) is the encryption key.
#
#Client Name      Key
#---------------- -------------------
#portmaster1      testing123
203.66.113.187    key187 

In this example, the new client 203.66.113.187 is the Prestige router. The key 'key187' must be configured in SMT Menu 23.2 later..

4. Enter the user profile including username and password in the 'Users' file. See an example below.

# Example 1: PPP user without callback.
#
# Username     Password= "  " 
#---------------------------------------------------------- 
ray            Password = "12345"
#
# Example 2: PPP user with Callback.
#

# Username     Password= "  " 
#---------------------------------------------------------- 
test           Password = "1234"
               Zyxel-Callback-Option = Mandatory,
                       Zyxel-Callback-Phone-Source = Preconfigured
                       CallBack-Number = "523444"

 

5. Run "RADIUS.EXE -X15" to turn on the RADIUS service.


 
Menu 23.2 - System Security - External Server

Authentication Server:
Active= Yes
Type= RADIUS
Server Address= 203.66.113.10 
Port #= 1645
Key= key187 

Key Settings:

6. Please check there is no duplicate user setting in SMT menu 14 compared to the 'Users' file in step 4.


All contents copyright © 1999 ZyXEL Communications Corporation.