Radius Profiles; Radius Servers Per Authentication Mode And Per Vlan - Proxim AP-4000 User Manual

Performing Advanced Configuration

Radius Profiles

Radius Profiles
Configuring Radius Profiles on the AP allows the administrator to define a profile for RADIUS Servers used by the system or by a VLAN. The
network administrator can define
The AP communicates with the RADIUS server defined in a profile to provide the following features:
• MAC Access Control Via RADIUS Authentication
• 802.1x Authentication using RADIUS
• RADIUS Accounting
Also, RADIUS Based Management Access
The network administrator can configure default RADIUS authentication servers to be used on a system-wide basis, or in networks with
VLANs enabled the administrator can also configure separate authentication servers to be used for MAC authentication, EAP authentication,
or Accounting in each VLAN. You can configure the AP to communicate with up to six different RADIUS servers per VLAN/SSID:
• Primary Authentication Server (MAC-based authentication)
• Back-up Authentication Server (MAC-based authentication)
• Primary Authentication Server (EAP/802.1x authentication)
• Back-up Authentication Server (EAP/802.1x authentication)
• Primary Accounting Server
• Back-up Accounting Server
The back-up servers are optional, but when configured, the AP will communicate with the back-up server if the primary server is off-line. After
the AP has switched to the backup server, it will periodically check the status of the primary RADIUS server every five (5) minutes. Once the
primary RADIUS server is again online, the AP automatically reverts from the backup RADIUS server back to the primary RADIUS server. All
subsequent requests are then sent to the primary RADIUS server.
You can view monitoring statistics for each of the configured RADIUS servers.

RADIUS Servers per Authentication Mode and per VLAN

The user can configure separate RADIUS authentication servers for each authentication mode and for each SSID (VLAN). For example:
• The user can configure separate RADIUS servers for RADIUS MAC authentication and 802.1x authentication
• The user can configure separate RADIUS servers for each VLAN: the Sales VLAN could support only WEP clients, whereas the
Marketing VLAN could support 802.1x and WEP clients.
Figure 4-32 RADIUS Servers per VLAN
This figure shows a network with separate authentication servers for each authentication type and for each VLAN. The clients in VLAN 1 are
authenticated using the authentication servers configured for VLAN 1. The type of authentication server used depends on whether the
authentication is done for an 802.1x client or a non-802.1x client. The clients in VLAN 2 are authenticated using a different set of
authentication servers configured for authenticating users in VLAN 2.
RADIUS Servers per Authentication Mode and per
allows centralized user management.
VLAN.
AP-4000 User Guide
85