Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual page 91

5. The administrator can specify a
server. Shared secrets are used to verify that RADIUS messages (with the exception of the Access-
Request message) are sent by a RADIUS-enabled device that is configured with the same shared secret.
The shared secret is a case-sensitive string that can include letters, numbers, or symbols. Make the
shared secret at least 22 characters long to protect the RADIUS server from brute-force attacks.
Reauthentication Settings
6. Check the Enable Reauthentication
7. In the Period field, set the EAP reauthentication period to match the appropriate level of security. A
shorter time interval (~30 seconds or longer) provides tighter security on this WLAN's wireless
connections. A longer interval (5000-9999 seconds) relaxes security on wireless connections. The
reauthentication period setting does not affect a wireless connection's throughput. The engaged Access
Port continues to forward traffic during the reauthentication process.
8. In the Max. Retries
after failing to complete the EAP process. If the mobile unit fails the authentication process in specified
number of retries, the switch will terminate the connection to the mobile unit.
Advanced Settings
9. The MU Quiet Period
mobile unit's authentication attempts, as required by the server.
10.The MU Timeout field allows the administrator to specify the time (in seconds) for the mobile unit's
retransmission of EAP-Request packets.
11.The MU Tx Period field allows the administrator to specify the time period (in seconds) for the server's
retransmission of the EAP-Request/Identity frame.
12.The MU Max Retries
unit to retransmit an EAP-Request frame to the server before it times out the authentication session.
Note that this is a different value from the Max Retry field at the top of the window.
13.The Server Timeout
server's transmission of EAP Transmit packets.
14.The Server Max Retries
server to retransmit an EAP-Request frame to the client before it times out the authentication session.
Note that this is a different value from the
NOTE: When changing the
a known bug that can cause RADIUS authentication to fail.
RADIUS Client Accounting and Syslog Setup
15.Use the Enable Accounting
(CF) card.
16.If accounting is enabled, enter the maximum amount of time a client will wait for an acknowledgement
from the RADIUS accounting server before resending the accounting packet in the
the Retries field, enter the maximum number of times for the client will resend the accounting packet to
the RADIUS accounting server before giving up.
17.To enable 802.1x EAP message logging to an external Syslog server, check the
then specify the IP address of the syslog server in the
RADIUS Shared Secret
checkbox to enable this authentication method.
field, set the maximum number of retries for a client to successfully reauthenticate
field allows the administrator to specify the idle time (in seconds) between a
field allows the administrator to set the maximum number of times for the mobile
field indicates the maximum time (in seconds) that the switch will wait for the
field allows the administrator to set the maximum number of times for the
Max. Retries
Server Max Retries setting to anything other than the default value, there is
checkbox to enable saving the RADIUS logs on the device's Compact Flash
Wireless Configuration
for authentication on the primary RADIUS
field at the top of the window.
Enable Syslog
Syslog Server IP field.
5-9
MU Timeout field. In
box and