Motorola WS5100 Series Reference Manual page 344

6-74 WS5100 Series Switch System Reference Guide
Cert Trustpoint: Click the View/Change button to specify the trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate. If the server certificate trustpoint is not used, the default trustpoint is used instead.

CA Cert Trustpoint: Click the View/Change button to specify the CA certificate trustpoint from which the Radius server automatically grants certificate enrollment requests. A trustpoint is a representation of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration parameters, and an association with one enrolled identity certificate. If a CA trustpoint is not specified, the default trustpoint's CA certificate is used as a CA certificate. If the "Default trustpoint" does not have a CA certificate, the server certificate is used as the CA certificate.

NOTE: EAP-TLS will not work with a default trustpoint. Proper CA and Server trustpoints must be configured for EAP-TLS. For information on configuring certificates for the switch, see Creating Server Certificates on page 6-81.

4. Refer to the LDAP Server Details field to define the primary and secondary Radius LDAP server configuration providing access to an external database used with the local Radius server.

IP Address: Enter the IP address of the external LDAP server acting as the data source for the Radius server. This server must be accessible from an active switch subnet.
Port: Enter the TCP/IP port number for the LDAP server acting as the data source.
Password Attribute: Enter the password attribute used by the LDAP server for authentication.
Bind DN: Specify the distinguished name to bind with the LDAP server.
Bind Password: Enter a valid password for the LDAP server.
Base DN: Specify a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching.
User Login Filter: Enter the login used by the LDAP server for authentication.
Group Filter: Specify the group filters used by the LDAP server.
Group Membership Attribute: Specify the Group Member Attribute sent to the LDAP server when authenticating users.
Group Attribute: Specify the group attribute used by the LDAP server.
Net Timeout: Enter a timeout value (between 1-10 seconds) the system uses to terminate the connection to the Radius Server if no activity is detected.

5. Click the Apply button to save the changes made within the screen.
6. Click the Revert button to cancel any changes made within the screen and revert back to the last saved configuration.
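
The trustpoint fallback rules, the EAP-TLS note and the Net Timeout range on this page can be checked against an exported settings record before applying it. The following is an added example, not code from the manual or the switch; the dictionary keys, the finding names and the trustpoint name "corp-radius" are hypothetical, and the sample records are constructed.

```python
# Added example (not Motorola code). Key and trustpoint names are hypothetical.
DEFAULT = "default-trustpoint"
# Assumption: these LDAP Server Details fields must all be non-empty.
REQUIRED = ("ip_address", "port", "bind_dn", "bind_password", "base_dn")

def ca_cert_source(cfg, trustpoints):
    """Name the certificate that ends up acting as the CA certificate."""
    ca_tp = cfg.get("ca_cert_trustpoint")
    if ca_tp:
        return f"{ca_tp}:ca"
    if trustpoints.get(DEFAULT, {}).get("has_ca_cert"):
        return f"{DEFAULT}:ca"
    # Last fallback: the server certificate doubles as the CA certificate.
    return f"{cfg.get('cert_trustpoint') or DEFAULT}:server"

def audit(cfg, trustpoints):
    """Return a list of finding strings for one settings record."""
    findings = []
    server_tp = cfg.get("cert_trustpoint") or DEFAULT
    ca_tp = cfg.get("ca_cert_trustpoint") or DEFAULT
    # EAP-TLS needs both a proper server trustpoint and a proper CA trustpoint.
    if cfg.get("eap_type") == "tls" and DEFAULT in (server_tp, ca_tp):
        findings.append("eap-tls-default-trustpoint")
    if ca_cert_source(cfg, trustpoints).endswith(":server"):
        findings.append("server-cert-used-as-ca")
    for role in ("primary", "secondary"):
        ldap = cfg.get("ldap", {}).get(role)
        if ldap is None:
            continue  # this LDAP server is not configured
        missing = [k for k in REQUIRED if not ldap.get(k)]
        if missing:
            findings.append(f"{role}-ldap-missing:{','.join(missing)}")
        # Net Timeout is documented as a value between 1 and 10 seconds.
        if not 1 <= ldap.get("net_timeout", 0) <= 10:
            findings.append(f"{role}-ldap-timeout-out-of-range")
    return findings

# Constructed sample data: a weak record and its corrected form.
TRUSTPOINTS = {DEFAULT: {"has_ca_cert": False}, "corp-radius": {"has_ca_cert": True}}
LDAP = {"ip_address": "192.0.2.10", "port": 389, "base_dn": "dc=example,dc=com",
        "bind_dn": "cn=radius,dc=example,dc=com"}
WEAK = {"eap_type": "tls", "cert_trustpoint": None, "ca_cert_trustpoint": None,
        "ldap": {"primary": {**LDAP, "bind_password": "", "net_timeout": 30}}}
FIXED = {"eap_type": "tls", "cert_trustpoint": "corp-radius",
         "ca_cert_trustpoint": "corp-radius",
         "ldap": {"primary": {**LDAP, "bind_password": "constructed-secret",
                              "net_timeout": 5}}}

if __name__ == "__main__":
    print(audit(WEAK, TRUSTPOINTS))
    print(audit(FIXED, TRUSTPOINTS))
```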
