Table of Contents
Advertisement
or TTLS Protocol and pass the inner authentication protocol on to an external RADIUS
server or the BSC's own local user database for user authentication.
To configure the BSC's Internal 802.1x Authentication Server:
Edit the Local
Click the User authentication tab in the BSC administrator console.
1.
802.1X
2.
Click the Internal 802.1x Authentication tab on the Users page.The Edit the Local
Authentication
802.1X Authentication server page appears as shown in Figure 6-8.
server page
Local 802.1X
Enable server: The Enable checkbox is marked by default to make the server
1.
Authentication
available for user authentication.
server settings
Port: Enter the Port number on which the BSC will listen for 802.1x requests from APs.
2.
Note: Your access points must be configured with the BSC as their RADIUS server
and send requests on the same port number that you enter here.
AP Shared Secret: Enter the Shared Secret the AP uses to send 802.1x requests.
3.
Confirm: Re-enter the Shared Secret.
4.
External RADIUS
Optional. Complete this step only if you are going to pass the inner authentication
Server Settings
protocols to an External RADIUS Server for authentication.
1.
Enter the RADIUS address (IP) of the RADIUS server. If the field is blank, the protected
IP address of the BSC is assumed for Internal 802.1x configuration.
Enter the External RADIUS Server Port number to which to send authentications
2.
requests in the Port field.
Enter the Shared Secret the External RADIUS Server uses for communication in the
3.
Shared Secret field. Re-enter the Shared secret in the Confirm field.
Backup RADIUS
Optional. Enter Backup RADIUS Server Settings only if you have configured an External
Server Settings
RADIUS Server for authentication in the previous step and you have a backup RADIUS
server to which you are going to pass the inner authentication protocols should the
primary RADIUS server fail or otherwise lose communications with the BSC.
Enter the IP address of the RADIUS server in the RADIUS address field. If blank, the
1.
protected IP address of the BSC is assumed for Internal 802.1x configuration.
Enter the External RADIUS Server Port number to which to send authentications
2.
requests in the Port field.
Enter the Shared Secret the External RADIUS Server uses for communication in the
3.
Shared Secret field. Re-enter the Shared secret in the Confirm field.
LDAP Settings
Optional. In most cases, using 802.1x authentication requires a RADIUS server (e.g.
Cisco ACS, Funk, Microsoft Active Directory with IAS). However, if your organization has
LDAP authentication deployed and does not wish to alter it's authentication methodology,
select the Authenticate Against Local Users radio button to indicate that 802.1x
Authentication should be performed against an LDAP database. Selecting this radio
button also requires that you specify LDAP settings:
Check the Use LDAP instead of BSC Local DB checkbox.
1.
Select the LDAP server to authenticate against from the drop-down, or select Create to
2.
go to the New LDAP/Active Directory server page.
3.
Enter the LDAP Password Attribute Name.To authenticate against an LDAP server, the
Bluesocket Controller relies on a readable attribute containing the MD4 hash of the
user's password; it will not authenticate if the LDAP server stores the user password in
clear text. Several LDAP servers, such as OpenLDAP, support such an attribute by
default (OpenLDAP uses the ntpassword attribute).
BlueSecure™ Controller Setup and Administration Guide
The BSC Internal 802.1x Authentication Server
6-21
Advertisement
Table of Contents
