Configuring Aaa And Radius Settings; Table 9: Global Radius Server - D-Link DWS-3000 Series User Manual

Software User Manual
02/15/2011

Configuring AAA and RADIUS Settings

In the D-Link Unified Access System, you can use a RADIUS server for the following functions:
• Management of client-to-AP authentication and accounting
• Management of AP-to-Switch authentication and accounting
• Database for AP settings
The information in this section applies to the client-to-AP authentication and accounting management. For information about
AP-to-switch management, see
set AP database settings in the RADIUS server, see
The RADIUS server that you configure from the Administration > Basic Setup > AAA/RADIUS tab is the RADIUS server
for the default AP profile. For each network, you can configure a unique RADIUS server or use the default RADIUS server.
When you use a RADIUS server for wireless client-to-AP communications, such as when clients use WPA Enterprise or
WEP IEEE 802.1X security to connect to the AP, the AP is the RADIUS client and communicates with the RADIUS server.
The Unified Switch does not tunnel packets between the AP and RADIUS server. This means that you must configure the
AP as a client in the RADIUS server. For information about how configure RADIUS clients, see
External RADIUS Server".
Field Description
IP Address This is the IP address of the
Secret The RADIUS secret is the shared secret key for the RADIUS server. Click the Edit check box to
enter a secret. The text you enter is displayed as "*" characters to prevent others from seeing the
RADIUS key as you type.
Backup IP The IP address of the backup radius server.
Address
Backup Secret The RADIUS secret of the backup radius server.
Accounting RADIUS Accounting allows you to track and measure the resources a particular user has consumed
such as system time and amount of data transmitted and received.
Failthrough Mode Select the Failthrough Mode option to enable the radius fail-through feature. Clear the option to
disable the feature.
Profile Name The name of the AP profile. For example, the name Default.
Note: If you access the RADIUS and MAC Authentication configuration information from the AP Profile page, the
Profile Name field also appears. To rename the profile, delete the existing name and enter the new name in the
field, then click Submit.
On the AAA/RADIUS tab, you can also configure a global list containing the MAC addresses of wireless clients to allow or
deny access to APs. The list only applies to profiles that use local MAC Authentication, which is an SSID setting. MAC
Authentication is disabled by default. For information about enabling MAC Authentication, see
Network" on page 88.
If you select Allow as the default action, the wireless clients you add to the Allow MAC List can connect to the AP, and all
other wireless clients are denied. If you select Deny as the default action, the wireless clients with the MAC addresses that
you add to the Deny MAC list cannot associate with the AP.
Document 34CS3000-SWUM104-D10
"Using the RADIUS Database for AP Validation" on page
Table 9 describes the fields you can configure for the default AP profile RADIUS server.

Table 9: Global RADIUS Server

RADIUS
Appendix B "Configuring the External RADIUS
server the AP uses for authentication.
D-Link Unified Access System
73. For information about how to
Server".
Appendix B "Configuring the
"Configuring the Default
Page 79