Table of Contents
Advertisement
8. Define the following settings to add or modify AAA RADIUS authentication server configuration:
Server Id
Host
Port
Server Type
Secret
Request Proxy Mode
Proxy Mint Host
Request Attempts
Request Timeout
Retry Timeout Factor
DSCP
9. Set the following
Network Address Identifier (NAI) Routing
NAI Routing Enable
Realm
Define the numerical server index (1-6) for the authentication server to differentiate it
from others available to the access point's AAA policy.
Specify the IP address or hostname of the RADIUS authentication server. A valid hostname
cannot contain an underscore.
Define or edit the port on which the RADIUS server listens to traffic within then access
point managed network. The port range is 1 to 65,535. The default port is 1812.
Select the type of AAA server as either Host, onboard-self or onboard-controller. AP6511
and AP6521 models do not have an onboard authentication resource and must use an
external server or Virtual Controller AP resource.
Specify the secret used for authentication on the selected RADIUS server. By default the
secret will be displayed as asterisks.
Select the method of proxy that browsers communicate with the RADIUS authentication
server. The mode could either be None, Through Wireless Controller or Through RF
Domain Manager.
Specify the hostname (if the device is a Level-1 MiNT neighbor) or the Mint-ID of the Mint
device to proxy hosts through.
Specify the number of attempts a client can retransmit a missed frame to the RADIUS
server before it times out of the authentication session. The available range is from 1 - 10.
The default is 3.
Specify the time from 1 - 60 seconds for the access point's re-transmission of request
packets. If this time is exceeded, the authentication session is terminated. The default is
3 seconds.
Specify the time from 50 - 200 seconds between retry timeouts for the access points's re-
transmission of request packets. The default is 100.
Specify the DSCP value as a 6-bit parameter in the header of every IP packet used for
packet classification. The valid range is from 0 - 63, with a default value of 46.
Select this check box to enable NAI routing. AAA servers identify clients using the NAI.
The NAI is a character string in the format of an E-mail address as either user or user@
but it need not be a valid E-mail address or a fully qualified domain name. NAI can be used
either in a specific or generic form. The specific form, which must contain the user portion
and may contain the @ portion, identifies a single user. Each user still needs a unique
security association, but these associations can be stored on a AAA server. The original
purpose of NAI was to support roaming between dialup ISPs. Using NAI, each ISP need
not have all the accounts for all of its roaming partners in a single RADIUS database.
RADIUS servers can proxy requests to remote servers for each user credential.
Enter the realm name in the field. The name cannot exceed 64 characters. When the
access point RADIUS server receives a request for a user name the server references a
table of user names. If the user name is known, the server proxies the request to the
RADIUS server.
settings:
7 - 19
Hide quick links:
Advertisement
Table of Contents
