USE-CASE DESCRIPTION
This use case demonstrates how to strengthen administrative access control for Anybus Defender by integrating it with a RADIUS authentication backend hosted on the Anybus Defender, enhanced with One-Time Password (OTP) using the Google Authenticator in your phone. The setup introduces multi-factor authentication (MFA), combining something the user knows (PIN/password) with something the user has (mobile OTP app).
APPLICABLE PRODUCTS
Anybus Defender 4000, 6000 and 8000 series.
VERSIONS USED IN THIS ARTICLE
- Anybus Defender 2.5.2-2025111723
- FreeRADIUS package version 0.15.8_32 on Anybus Defender
- Google Authenticator app on Android or iOS
Install and Configure FreeRADIUS with Google Authenticator OTP on Anybus Defender
1. Install FreeRADIUS
Go to:
System → Package Manager → Available Packages
Install FreeRADIUS.
2. Configure FreeRADIUS Interfaces
Go to:
Services → FreeRADIUS → Interfaces → Add
Authentication Interface
- Interface IP: 127.0.0.1
- Port: 1812
- Interface Type: Authentication
- IP Version: IPv4
Save.
Accounting Interface
Add a second interface with:
- Interface IP: 127.0.0.1
- Port: 1813
- Interface Type: Accounting
- IP Version: IPv4
Save.
3. Add NAS Client
Go to:
Services → FreeRADIUS → NAS/Clients → Add
- Client IP Address: 127.0.0.1
- Client IP Version: IPv4
- Client Shortname: defenderlocal
- Client Shared Secret: secret
- Client Protocol: UDP
- Client Type: other
- Require Message Authenticator: No
Save.
4. Add RADIUS Authentication Server as authentication server
Go to:
System → User Manager → Authentication Servers → Add
- Descriptive Name: radius_google
- Type: RADIUS
- Protocol: PAP
- Hostname or IP address: 127.0.0.1
- Shared Secret: secret
- Services offered: Authentication and Accounting
- Authentication Port: 1812
- Accounting Port: 1813
- Authentication Timeout: 5
- RADIUS NAS IP Attribute: WAN
Save.
System → User Manager → Settings
- Authentication Server: radius_google
- Shell Authentication: Make sure to check it.
5. Create a User with One Time Password (OTP)
Go to:
Services → User Manager → Users → Add
- Scope: Local
- Disabled: Make sure it is checked (This will disable the ability to login using the password)
- Username: Jim
- Password: >Choose yourself<
- Group Membership: Select admins and click >>Move to “Member of” list
Save.
Hereafter the user must be created in the RADIUS server.
Services → FreeRADIUS → Users → Add
- Username: Jim
- Password: None
- Password Encryption: Cleartext-Password
- Enable: One-Time Password (OTP)
- OTP Auth Method: Google-Authenticator
- Init-Secret: click "Generate OTP Secret"
- PIN: Enter a 4–8 digit PIN
- QR Code: Generate QR Code
Open Google Authenticator on your phone and scan the QR code.
Scroll down and Save.
Note: OTP works for local users only. LDAP and similar backends are not supported for this method.
6. How to Log In
Username: Jim
Password = PIN + OTP code
Example:
- PIN: 1234
- OTP: 556677
- Password entered: 1234556677
NOTE:
Instead of Google Authenticator you can use Microsoft Authenticator or Apple's Password app, Just scan the QR code and enable the code generation. If you have multiple defender make sure you rename them by swiping on the code and editing the name in the authenticator app.