Creating A Profile For The Cn3000 On The Radius Server; Standard Radius Attributes - Colubris Networks CN3000 Administrator's Manual

Chapter 7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Customizing CN3000 and customer settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 7

Creating a profile for the CN3000 on the RADIUS server

Before it can activate the public access interface, the CN3000 must log into a RADIUS
server and retrieve certain operating settings that you must define. Therefore, you must
create at least one RADIUS profile for use by the CN3000. If you have multiple
CN3000s, they can all be associated with a single RADIUS profile.
Standard This section presents all standard RADIUS attributes that are supported by a CN3000
profile.
RADIUS
Note: In the following definitions, strings are defined as 1 to 253 characters in length.
attributes
Access request
• Acct-Session-Id (32-bit unsigned integer): Random value generated per
• NAS-Identifier (string): The NAS ID set on the Security > RADIUS page for the
• NAS-Ip-Address 32-bit unsigned integer): The IP address of the port the CN3000 is
• NAS-Port (32-bit unsigned integer): Always 0.
• NAS-Port-Type (32-bit unsigned integer): Always set to 19, which represents
• Calling-Station-Id (string): The MAC address of the CN3000's LAN port in IEEE
• Called-Station-Id (string): By default, this is set to the MAC address of the CN3000's
• Framed-IP-Address (32-bit unsigned integer): IP Address of the CN3000's LAN port.
• User-Name (string): The username assigned to the CN3000 on the Security >
• State (string): As defined in RFC 2865.
• Framed-MTU (32-bit unsigned integer): Hard-coded to 1496 (802.1x).
• Connect-Info (string): The string "HTTPS" or "IEEE802.1X".
• Service-Type (32-bit unsigned integer): As defined in the config.cfg file. Token name =
• Message-Authenticator (string): As defined in RFC 2869. Always present even when
• Colubris-AVPair: See the description in the section that follows.
The following attributes are mutually exclusive depending on the RADIUS authentication
method.
• User-Password (string): The password assigned to the CN3000 on the Security >
• CHAP-Password (string): The password assigned to the CN3000 on the Security >
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 150 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
authentication by the CN3000.
RADIUS profile being used.
using to communicate with the RADIUS server.
WIRELESS_802_11.
format. For example: 00-02-03-5E-32-1A.
wireless/LAN port in IEEE format. For example: 00-02-03-5E-32-1A. To use the MAC
address of the Internet port, you must edit the config file and change the setting of
radius-called-station-id-port to WAN in the <ACCESS-CONTROLLER> section.
Authentication page.
service-type-device.
not doing an EAP authentication. length = 16 bytes.
Authentication page. Encoded as defined in RFC 2865. Only present when the
authentication method for the RADIUS profile is set to PAP.
Authentication page. Encoded as defined in RFC 2865. Only present when the
authentication method for the RADIUS profile is set to CHAP.