Table of Contents
Advertisement
9.6 Setting the RADIUS Configuration
Services Configuration
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software enabling remote access servers
to authenticate users and authorize their access to the access point managed network. RADIUS is a distributed client/server
system that secures networks against unauthorized access. RADIUS clients send authentication requests to the access point's
RADIUS server containing user authentication and network service access information.
RADIUS enables centralized management of authentication data (usernames and passwords). When a client attempts to
associate to a RADIUS supported access point, the access point sends the authentication request to the RADIUS server. The
authentication and encryption of communications between the access point and server takes place through the use of a shared
secret password (not transmitted over the network).
The access point's local RADIUS server stores the user database locally, and can optionally use a remote user database. It
ensures higher accounting performance. It allows the configuration of multiple users, and assign policies for the group
authorization.
WiNG managed access points have an internal RADIUS server resource. However, AP6511 and AP6521 models do not have an
onboard RADIUS server resource and an external resource must be used.
The access point allows the enforcement of user-based policies. User policies include dynamic VLAN assignment and access
based on time of day. The access point uses a default trustpoint. A certificate is required for EAP TTLS,PEAP and TLS RADIUS
authentication (configured with the RADIUS service).
Dynamic VLAN assignment is achieved based on the RADIUS server response. A user who associates to WLAN1 (mapped to
VLAN1) can be assigned a different VLAN after authentication with the RADIUS server. This dynamic VLAN assignment
overrides the WLAN's VLAN ID to which the user associates.
To view RADIUS configurations:
1. Select
Configuration
2. Select Services.
3. Select the
RADIUS
For information on creating the groups, user pools and server policies needed to validate user credentials against a server
policy configuration, refer to the following:
•
Creating RADIUS Groups
•
Defining User Pools
•
Configuring the RADIUS Server
9.6.1 Creating RADIUS Groups
Setting the RADIUS Configuration
The access point's RADIUS server allows the configuration of user groups with common user policies. User group names and
associated users are stored in the access point's local database. The user ID in the received access request is mapped to the
associated wireless group for authentication. Group configurations allow the enforcement of the following policies controlling
user access:
• The assignment of a VLAN to the user upon successful authentication
• The creation of a start and end of time in (HH:MM) when a user is allowed to authenticate
• The creation of a list of SSIDs to which a user belonging to this group is allowed to associate
• The ability to set the days of the week a user is allowed to login
• The ability to rate limit traffic
tab from the Web user interface.
option. The RADIUS Group screen displays (by default).
9 - 37
Hide quick links:
Advertisement
Table of Contents
