Authenticate management users with RADIUS server

VigorSwitch provides varies ways to authenticate the management user. Users will put their username and password which stores in the RADIUS server. A Radius server provides efficiency and availability in your entire network, in addition, to manage the users easily. This document shows how to set up the VigorSwitch binding to the RADIUS server on DrayOS router or Freeradius server.

If you have a RADIUS server already, please skip to How to add the RADIUS server into VigorSwitch?

Setting up DrayOS router

You can refer to this knowledge base article to set up the RADIUS server on DrayOS router.
https://www.draytek.com/support/knowledge-base/5146


Setting up Freeradius Server

  1. You can install Freeradius on your Linux server or virtual machine.
    $ sudo apt-get install freeradius
  2. Get the status of Freeradius, we will need the debug mode on Freeradius, so we stop the service in advance.
  3. Change the directory to the Freeradius file path Edit the user file by using
    $ vim users 

  4. You will see some user configuration in the file; we need to remove the annotation mark on Steve’s profile for testing.

  5. On the other hand, you can add your own dedicated user accounts. Then save the file to apply the configuration change.

  6. Then, we are now going to check our account works or not. Enable the debug mode by using
    $ freeradius -X
  7. Open the other terminal $ sudo radtest steve testing localhost 1812 testing123
    (Format: Sudo radtest username password RADIUS_Server_IP RADIUS_Server_Port RADIUS_Pre-SharedKey)
    Received Access-Accept means you have successfully authenticated.

  8. The testing123 is the Pre-Shared key between the RADIUS server and the clients. The key can be configured by editing the client.conf file in the Freeradius path. $ vim /etc/freeradius/3.0/client.conf
  9. To let the switch can use the RADIUS to authenticate users. Put the IP address and the information of VigorSwitch.
  10. After above configuration, your Freeradius server is ready for letting VigorSwitch authenticate.

How to add the RADIUS server into VigorSwitch?

  1. Navigate to Security>>RADIUS
  2. Scroll down to Add RADIUS server.
    Set up the Server Address, Priority and Key String.

  3. Then navigate to Seciruty>> Management Access Authentication>> Method Profile

    1. Put the name of the profile
    2. Select RADIUS as the Optional Method and move it to Selected Methods 
    3. Click Add to create the new profile
  4. Switch to Application Authentication tab
    Select the application and apply the method profile

  5. Then you can use your RADIUS account to login to the management interface!

Published On:2019-12-30 

Was this helpful?