Enabling RADIUS Communication over TLS - Siemens SCALANCE W1750D UI Configuration Manual

Authentication and User Management
14.4 Configuring Authentication Servers
14.4.4

Enabling RADIUS Communication over TLS

You can configure an AP to use a Transport Layer Security (TLS) tunnel and enable secure
communication between the RADIUS server and AP clients. Enabling RADIUS
communication over TLS increases the level of security for authentication that is carried out
across the cloud network. When configured, this feature ensures that the RadSec protocol is
used for safely transmitting the authentication and accounting data between the AP clients
and the RADIUS server in the cloud.
The following configuration conditions apply to RadSec configuration:
● When the TLS tunnel is established, RADIUS packets go through the tunnel and the
server adds CoA on this tunnel.
● By default, TCP port 2083 is assigned for RadSec. Separate ports are not used for
authentication, accounting, and dynamic authorization changes.
● SCALANCE W supports dynamic CoA (RFC 3576) over RadSec, and the RADIUS server
uses an existing TLS connection opened by the AP to send the request.
● For authentication between the AP clients and the TLS server, a RadSec certificate must
be uploaded to the AP. For more information on uploading certificates, see Uploading
Certificates (Page 238).
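A pre-deployment check for the conditions above, as an added example that is not part of the Siemens manual: it opens a certificate-verified TLS session to the RadSec server on the default TCP port 2083 and reports the negotiated TLS version and the days left on the server certificate. The host name, file names and function names are assumptions for illustration.

```python
import socket
import ssl
import time

RADSEC_PORT = 2083  # default RadSec TCP port stated in the manual


def days_until_expiry(cert, now=None):
    """Days left before the certificate's notAfter date (negative if expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def check_radsec_server(host, ca_file=None, port=RADSEC_PORT,
                        client_cert=None, client_key=None, timeout=5.0):
    """Open a verified TLS session to the RadSec server and summarise it.

    ca_file: PEM bundle of the CA that issued the server certificate
             (None falls back to the system trust store).
    client_cert/client_key: optional PEM pair for servers that demand
             mutual TLS, which is common in RadSec deployments.
    """
    try:
        # Default context verifies the certificate chain and the host name.
        ctx = ssl.create_default_context(cafile=ca_file)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        if client_cert:
            ctx.load_cert_chain(client_cert, client_key)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "tls_version": tls.version(),
                    "subject": dict(rdn[0] for rdn in cert["subject"]),
                    "days_left": days_until_expiry(cert),
                }
    except OSError as exc:  # refused, timeout, missing file, ssl.SSLError
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # Constructed sample values; replace with your server name and CA file.
    print(check_radsec_server("radius.example.com", "radsec-ca.pem"))
```

A result with `ok` set to `False` and a certificate verification error means the CA bundle does not match the certificate the server presents, which is worth resolving before the same certificate material is uploaded to the AP.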
Configuring RadSec Protocol
You can configure the RadSec protocol using the SCALANCE W UI or the CLI:
In the SCALANCE W UI
To configure the RadSec protocol in the UI:
1. Navigate to Security > Authentication Servers. The Security window is displayed.
2. To create a new server, click New. A popup window for specifying details for the new
server is displayed.
214
Configuration Manual, 02/2018, C79000-G8976-C451-02
SCALANCE W1750D UI
