Mac Access Control Via Radius Authentication - Proxim ORINOCO AP-600B User Manual

The back-up servers are optional, but when configured, the AP-600 will communicate with the back-up server if the
primary server is off-line. After the AP-600 has switched to the backup server, it will periodically check the status of the
primary RADIUS server every five (5) minutes. Once the primary RADIUS server is again online, the AP-600
automatically reverts from the backup RADIUS server back to the primary RADIUS server. All subsequent requests
are then sent to the primary RADIUS server.

MAC Access Control Via RADIUS Authentication

If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the
list of MAC addresses on the RADIUS server rather than configure each AP-600 individually. From the RADIUS
Authentication tab, you can define the IP Address of the server that contains a central list of MAC Address values that
identify the authorized stations that may access the wireless network. You must specify information for at least the
primary RADIUS server. The back-up RADIUS server is optional.
1 2 7 ( 1 2 7 ( 1 2 7 ( 1 2 7 (
Contact your RADIUS server manufacturer if you have problems configuring the server or have problems
using RADIUS authentication.
Follow these steps to enable RADIUS MAC Access Control:
1. Within the RADIUS Access Control Configuration screen, place a check mark in the box labeled Enable
RADIUS MAC Access Control.
2. Place a check mark in the box labeled Enable Primary RADIUS Authentication Server.
3. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Back-up
RADIUS Authentication Server.
4. Enter the time, in seconds, each client session may be active before being automatically re-authenticated in the
Authentication Lifetime field. This parameter supports a value between 60 and 43200 sec; the default is 900 sec.
5. Select a MAC Address Format Type. This should correspond to the format in which the clients' 12-digit MAC
addresses are listed within the RADIUS server. Available options include:
• Dash delimited: dash between each pair of digits: xx-yy-zz-aa-bb-cc
• Colon delimited: colon between each pair of digits: xx:yy:zz:aa:bb:cc)
• Single dash delimited: dash between the sixth and seventh digits: xxyyzz-aabbcc
• No delimiters: No characters or spaces between pairs of hexadecimal digits: xxyyzzaabbcc
6. Select a Server Addressing Format type (IP Address or Name).
• If you want to identify RADIUS servers by name, you must configure the AP-600 as a DNS Client. See
Client for details.
7. Enter the server's IP address or name in the field provided.
8. Enter the port number which the AP-600 and the server will use to communicate. By default, RADIUS servers
communicate on port 1812.
9. Enter the Shared Secret in the Shared Secret and Confirm Shared Secret field. This is a password shared by the
RADIUS server and the AP-600. The same password must also be configured on the RADIUS server.
10. Enter the maximum time, in seconds, that the AP-600 should wait for the RADIUS server to respond to a request in
the Response Time field. Range is 1-10 seconds; default is 3 seconds.
11. Enter the maximum number of times an authentication request may be retransmitted in the Maximum
Retransmissions field. Range is 1-4; default is 3.
12. If you are configuring a back-up server, repeat Steps 6 through 11 for the back-up server.
13. Click OK to save your changes.
14. Reboot the AP-600 device for these changes to take effect.
Advanced Configuration
DNS
64