Siemens SCALANCE W1750D UI Configuration Manual page 210

Authentication and User Management
14.4 Configuring Authentication Servers
– LDAP—To configure an LDAP server, select the option and configure the attributes
210
Parameter Description
RFC 3576 Select Enabled to allow the APs to process RFC 3576-compliant Change
of Authorization (CoA) and disconnect messages from the RADIUS server.
Disconnect messages cause a user session to be terminated immediately,
whereas the CoA messages modify session authorization attributes such
as data filters.
NAS IP Allows you to configure an arbitrary IP address to be used as RADIUS
attribute 4, NAS IP Address, without changing source IP Address in the IP
address
header of the RADIUS packet.
NOTE: If you do not enter the IP address, the VC IP address is used by
default when Dynamic RADIUS Proxy is enabled.
NAS Allows you to configure strings for RADIUS attribute 32, NAS Identifier, to
be sent with RADIUS requests to the RADIUS server.
Identifier
Dead Time Specify a dead time for authentication server in minutes.
When two or more authentication servers are configured on the AP and a
server is unavailable, the dead time configuration determines the duration
for which the authentication server would be available if the server is
marked as unavailable.
Dynamic Specify the following dynamic RADIUS proxy (DRP) parameters:
RADIUS
DRP IP—IP address to be used as source IP for RADIUS packets.
•
proxy parameters
DRP Mask—Subnet mask of the DRP IP address.
•
DRP VLAN—VLAN in which the RADIUS packets are sent.
•
DRP Gateway—Gateway IP address of the DRP VLAN.
•
For more information on dynamic RADIUS proxy parameters and configu-
ration procedure, see Configuring Dynamic RADIUS Proxy Parameters
(Page 216).
To assign the RADIUS authentication server to a network profile, select the newly
added server when configuring security settings for a wireless or wired network profile.
Note
ou can also add an external RADIUS server by selecting the New option when config-
uring a WLAN or wired profile. For more information, see Configuring Security Settings
for a WLAN SSID Profile (Page 120) and Configuring Security Settings for a Wired
Profile (Page 151).
described in the following table:
Parameter Description
Name Enter a name for the server.
IP address Enter the IP address of the LDAP server.
Auth port Enter the authorization port number of the LDAP server. The default port
number is 389.
Admin-DN Enter a distinguished name for the admin user with read/search privileges
across all the entries in the LDAP database (the user need not have write
privileges, but the user must be able to search the database, and read
attributes of other users in the database).
Admin password Enter a password for administrator.
Base-DN Enter a distinguished name for the node that contains the entire user da-
tabase.
Configuration Manual, 02/2018, C79000-G8976-C451-02
SCALANCE W1750D UI