Chapter 7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Customizing CN3000 and customer settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 7

Creating customer profiles on the RADIUS server

You must create at least one RADIUS customer profile. Multiple customer accounts can

be associated with a single RADIUS profile.

Supported

This section presents all RADIUS and Colubris attributes that are supported by for a

CN3000 profile.

RADIUS

Note: In the following definitions, strings are defined as 1 to 253 characters in length.

attributes

Access request

• Acct-Session-Id (32-bit unsigned integer): Random value generated by the CN3000.

• NAS-Identifier (string): The NAS ID set on the Security > RADIUS page for the profile

• NAS-Ip-Address (32-bit unsigned integer): The IP address of the port the CN3000 is

• NAS-Port (32-bit unsigned integer): A virtual port number starting at 1. Assigned by

• NAS-Port-Type (32-bit unsigned integer): Always set to 19, which represents

• Calling-Station-Id (string): MAC address of the customer's station in IEEE format. For

• Called-Station-Id (string): This is set to the MAC address of the CN3000's wireless/

• State (string): As defined in RFC 2865.

• Framed-IP-Address (32-bit unsigned integer): IP Address of the CN3000's LAN port.

• Framed-MTU (32-bit unsigned integer): Hard-coded value of 1496. The value is

• Connect-Info (string): The string "HTTPS" or "IEEE802.1X".

• Service-Type (32-bit unsigned integer): As defined in the config.cfg file. Token name =

• Message-Authenticator (string): As defined in RFC 2869. Always present even when

• User-Name (string): The username assigned to the customer or a device when using

• User-Password (string): The password supplied by a customer or device when logging

• Colubris-AVPair: See page

The following attributes are mutually exclusive depending on the RADIUS authentication

method.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 164 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

being used.

using to communicate with the RADIUS server.

the CN3000.

WIRELESS_802_11.

example: 00-02-03-5E-32-1A.

LAN port in IEEE format. For example: 00-02-03-5E-32-1A. To use the MAC address

of the Internet port, you must edit the config file and change the setting of radius-

called-station-id-port to WAN in the <ACCESS-CONTROLLER> section.

If location-aware authentication is enabled, see

page 125

for the value of this attribute.

always four bytes lower than the wireless MTU maximum which is 1500 bytes in order

to support IEEE802dot1x authentication.

service-type-user.

not doing an EAP authentication. length = 16 bytes.

MAC authentication.

in. Encoded as defined in RFC 2865. Only present when the authentication method

for the RADIUS profile is set to PAP.

"Location-aware authentication" on

169

for details.

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Creating Customer Profiles On The Radius Server; Supported Radius Attributes - Colubris Networks CN3000 Administrator's Manual