How to allow a RADIUS admin to log in to the switch? (by TekRADIUS)
Zyxel_Melen
Posts: 1,673 Zyxel Employee
Scenario
Some users prefer to use a RADIUS server to manage access control for their network devices. Zyxel switches can use a RADIUS server to authenticate switch logins. This FAQ uses the GS2220 and TekRADIUS as an example.
Topology
Configuration
V4.70 version firmware:
- Navigate to Advanced Application > AAA > RADIUS Server Setup to configure the authentication server.
- Navigate to Advanced Application > AAA > AAA Setup to configure “Authentication” and “Authorization.”
Under Authentication > Login, set method 1 to radius; method 2 can be “-” or “local.”
Under Authorization > Exec, set it to active and set the method to radius.
V4.80 version firmware:
- Navigate to Security > AAA > RADIUS Server Setup to configure the authentication server.
- Navigate to Advanced Application > AAA > AAA Setup to configure “Authentication” and “Authorization.”
Under Authentication > Login, set method 1 to radius; method 2 can be “-” or “local.”
Under Authorization > Exec, set it to active and set the method to radius.
V4.80 firmware supports server key encryption: the shared secret is stored on the Switch in an encrypted format and displayed as ‘*’ in the SECURITY > AAA > RADIUS Server Setup and SECURITY > AAA > TACACS+ Server Setup screens. Consider enabling it to prevent shared secrets from being exposed.
TekRADIUS part:
Set up TekRADIUS:
- Set RADIUS client: 192.168.1.1 with shared key 12345678.
- Create a new account “zyuser” and its password “1234”.
- Add attribute “service-type” with type “Success-Reply” and value “login” to zyuser.
- Create a new attribute string: “Zyxel-Privilege-AVPair” whose attribute ID is “3”. The vendor ID of Zyxel is “890”.
- Add the attribute string “Zyxel-Privilege-AVPair” with type “Success-Reply” and value “shell:priv-lvl=14” to zyuser.
Verify
- Client can access the telnet session on the Switch:
- Client accesses the Switch via console.
- Capture RADIUS packets on the RADIUS server side.
- RADIUS request from Client
- RADIUS accept from Server
- RADIUS request from Client
Zyxel Melen
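To check a captured reply from the Verify step, the following added example (not part of the original FAQ, and not Zyxel or TekRADIUS code) parses a RADIUS reply and extracts Service-Type and the Zyxel privilege level. It assumes the standard RFC 2865 Vendor-Specific layout (vendor ID, then vendor type, length, string); the function names are hypothetical and the sample packet is constructed with a zeroed authenticator.

```python
import struct

ZYXEL_VENDOR_ID = 890      # vendor ID given in the FAQ
ZYXEL_PRIV_AVPAIR = 3      # attribute ID of Zyxel-Privilege-AVPair in the FAQ
SERVICE_TYPE, VENDOR_SPECIFIC, ACCESS_ACCEPT = 6, 26, 2   # RFC 2865 numbers
LOGIN = 1                  # RFC 2865 Service-Type value "Login"

def build_accept(identifier, priv_level):
    """Constructed Access-Accept carrying the two reply attributes from the FAQ."""
    value = f"shell:priv-lvl={priv_level}".encode()
    sub = struct.pack("!BB", ZYXEL_PRIV_AVPAIR, 2 + len(value)) + value
    attrs = struct.pack("!BBI", SERVICE_TYPE, 6, LOGIN)
    attrs += struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), ZYXEL_VENDOR_ID) + sub
    # Authenticator is zeroed: sample data only, not a valid response authenticator.
    return struct.pack("!BBH16s", ACCESS_ACCEPT, identifier, 20 + len(attrs), bytes(16)) + attrs

def parse_reply(packet):
    """Return code, Service-Type and Zyxel privilege level found in a RADIUS reply."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found = {"code": code, "service_type": None, "priv_lvl": None}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        body = packet[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(body) == 4:
            found["service_type"] = struct.unpack("!I", body)[0]
        elif atype == VENDOR_SPECIFIC and len(body) >= 6:
            vendor, sub = struct.unpack("!I", body[:4])[0], body[4:]
            if vendor == ZYXEL_VENDOR_ID and sub[0] == ZYXEL_PRIV_AVPAIR and 2 <= sub[1] <= len(sub):
                text = sub[2:sub[1]].decode("ascii", "replace")
                if text.startswith("shell:priv-lvl=") and text[15:].isdigit():
                    found["priv_lvl"] = int(text[15:])
        pos += alen
    return found

if __name__ == "__main__":
    print(parse_reply(build_accept(1, 14)))
```

Feed `parse_reply` the UDP payload of the server's reply from the capture; a missing `priv_lvl` means the Zyxel attribute was not attached to the account's reply.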