RADIUS authentication

When RADIUS authentication takes place, the following events occur.

  1. A user attempts to gain access to the RUCKUS device by doing one of the following:
    • Logging into the device using Telnet, SSH, or the Web Management Interface
    • Entering the Privileged EXEC level or CONFIG level of the CLI
  2. The user is prompted for a username and password.
  3. The user enters a username and password.
  4. The RUCKUS device sends a RADIUS Access-Request packet containing the username and password to the RADIUS server.
  5. The RADIUS server validates the RUCKUS device using a shared secret (the RADIUS key).
  6. The RADIUS server looks up the username in its database.
  7. If the username is found in the database, the RADIUS server validates the password.
  8. If the password is valid, the RADIUS server sends an Access-Accept packet to the RUCKUS device, authenticating the user. Within the Access-Accept packet are three RUCKUS vendor-specific attributes that indicate the following:
    • The privilege level of the user
    • A list of commands
    • Whether the user is allowed or denied usage of the commands in the list

    The last two attributes are used with RADIUS authorization, if configured.

  9. The user is authenticated, and the information supplied in the Access-Accept packet for the user is stored on the RUCKUS device. The user is granted the specified privilege level. If you configure RADIUS authorization, the user is allowed or denied usage of the commands in the list.