Symbol WS5000 Series System Reference Manual page 102

6-22
WS5000 Series Switch System Reference Guide
Table 6.9 describes the EAP authentication settings and Radius identification settings to be configured.
Table 6.9 EAP Authentication Settings and Radius Identification Settings
Setting
Authentication Settings
Pre-authentication
Opportunistic PMK Caching
Reauthentication Period
Max Retries
Radius Server Identification
Radius Server Name/IP
Radius Port
Radius Shared Secret
Advanced Settings
(In general, default settings are acceptable. Only experienced Radius users should modify these values.)
Quiet Period
Supplicant Timeout
Tx Period
Description
When enabled, pre-authentication (or "fast-associate in advance") lets an access
port send a mobile unit's authentication credentials (from a previous Radius
authentication attempt) to the "next" access port. This feature enhances fast
roaming between APs.
When enabled, Pairwise Master Key (PMK) Caching tells the access ports to
cache the mobile unit's credentials as they (the MUs) are authenticated. If the
MU roams away from that AP and then back again, the MU doesn't have to re-
authenticate.
Specifies the time interval, in seconds, after which mobile units are forced to
reauthenticate with the Radius server. Valid values are in the range [30, 65535]
seconds; the default is 3600 seconds (1 hour). To edit the Reauthentication value,
click the corresponding checkbox.
Specifies the number of times a mobile unit can try to authenticate during the
reauthentication phase. Valid values are in the range [1, 99]; the default is 5
attempts. A value of 1 means if the first reauthentication attempt fails, the
mobile unit will not be allowed to (re)associate with the switch.
Specify the IP addresses or fully-qualified domain names of the servers. Radius
Port
Radius UDP authentication port. This is the port number, in the range [1, 65535,
that the wireless switch uses to send requests to the Radius server. The default
is 1812.
Specify the key used to encrypt communication between the wireless switch and
the Radius server(s). The secret that you supply here must match the secret that
was specified when the wireless switch was added as a client of the Radius
server. You have to add the switch to the Radius server using tools that are
provided by the Radius server itself. In other words, the switch can't "push" itself
onto the server, the server must "pull" the switch into its client corral.
Specifies how long the switch waits, in seconds, between (failed) attempts to
authenticate an MU.
Specifies how long the switch waits, in seconds, for an authenticated-but-
recently-dissociated MU to respond to a re-associate request. When the
supplicant timeout expires, the MU will need to re-authenticate before re-
associating.
Specifies how long the switch waits, in seconds, for an MU to respond to a
"request identity" message. After the Tx period expires, the switch sends another
"request identity" to the MU. When the MU responds to the message, the
authentication process begins.