Mac Access Control Via Radius Authentication; 802.1X Authentication Using Radius; Radius Accounting; Session Length - Proxim AP-4000 User Manual
Orinoco ap-4000 access point user guide
Hide thumbs
Also See for AP-4000:
- User manual (274 pages) ,
- Specification sheet (2 pages) ,
- Configuration manual (6 pages)
Table of Contents
Advertisement
Performing Advanced Configuration
Radius Profiles
3. Click OK.
4. Select the Profile and click Edit to configure the Secondary RADIUS Server, if required.
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list of MAC addresses
on the RADIUS server rather than configure each AP individually. You can define a RADIUS Profile that specifies the IP Address of the server
that contains a central list of MAC Address values identifying the authorized stations that may access the wireless network. You must specify
information for at least the primary RADIUS server. The back-up RADIUS server is optional.
NOTE
Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication. MAC access control
can be separately enabled for each VLAN.
NOTE
Contact your RADIUS server manufacturer if you have problems configuring the server or have problems using RADIUS
authentication.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
NOTE
Each VLAN can be configured to use a separate RADIUS server (and backup server) for 802.1x authentication. 802.1x
authentication ("EAP authentication") can be separately enabled for each VLAN.
RADIUS Accounting
Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS
accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an
"Accounting Start" request to the RADIUS server. When the wireless client session ends, an "Accounting Stop" request is sent to the RADIUS
server.
NOTE
Each VLAN can be configured to use a separate RADIUS accounting server (and backup accounting server).
Session Length
Accounting sessions continue when a client reauthenticates to the same AP. Sessions are terminated when:
•
A client disassociates.
•
A client does not transmit any data to the AP for a fixed amount of time.
•
A client is detected on a different interface.
If the client roams from one AP to another, one session is terminated and a new session is begun.
NOTE
This feature requires RADIUS authentication using MAC Access Control or 802.1x. Wireless clients configured in the Access Point's
static MAC Access Control list are not tracked.
Authentication and Accounting Attributes
Additionally, the AP supports a number of Authentication and Accounting Attributes defined in RFC2865, RFC2866, RFC2869, and RFC3580.
Authentication Attributes
•
State: Received in Access-Accept Packet by the AP during Authentication and sent back as-is during Re-Authentication.
•
Class: Received in Access-Accept Packet by the AP during Authentication and back as in Accounting Packets.
•
Session-Timeout
AP-4000 User Guide
88
Advertisement
Table of Contents
