Configuring The Radius Server; Radius Overview - Motorola RFS7000 Series System Reference Manual
Rf switch
Hide thumbs
Also See for RFS7000 Series:
- Reference manual (732 pages) ,
- Troubleshooting manual (60 pages) ,
- Installation manual (31 pages)
Table of Contents
Advertisement
6.9 Configuring the Radius Server
Remote Authentication Dial-In User Service (Radius) is a client/server protocol and software enabling remote
access servers to communicate with the switch to authenticate users and authorize their access to the switch
managed network. For an overview on the switch's Radius deployment, see
Setting up Radius on the switch entails the following configuration activities:
•
Defining the Radius Configuration
•
Configuring Radius Authentication and Accounting
•
Configuring Radius Users
•
Configuring Radius User Groups
•
Viewing Radius Accounting Logs
NOTE For hotspot deployment, Motorola recommends using the switch's onboard Radius
server and built-in user database. This is the easiest setup option and offers a high
degree of security and accountability.
6.9.1 Radius Overview
Radius enables centralized management of switch authentication data (usernames and passwords). When a
MU attempts to associate to the Radius supported switch, the switch sends the authentication request to the
Radius server. The communications between the switch and server are authenticated and encrypted through
the use of a shared secret password (not transmitted over the network).
The switch's local Radius server stores the authentication data locally, but can also be configured to use a
remote user database. A Radius server as the centralized authentication server is an excellent choice for
performing accounting. Radius can significantly increase security by centralizing password management.
NOTE The switch can be configured to use its own local Radius server or an external
Radius server you define and configure. For information on the benefits and risks
of using the switch's resident Radius Server as opposed to an external Radius
Server, see
page
CAUTION When restarting or rebooting the switch, the Radius server is restarted
!
The Radius server defines authentication and authorization schemes for granting the access to wireless
clients. Radius is also used for authenticating hotspot and remote VPN Xauth. The switch can be configured
to use 802.1x EAP for authenticating wireless clients with a Radius server. The following EAP authentication
types are supported by the switch's onboard Radius server:
• TLS
• TTLS and MD5
• TTLS and PAP
• TTLS and MSCHAPv2
Using the Switch's Radius Server Versus an External Radius Server on
6-73.
regardless of its state before the reboot.
Switch Security
Radius Overview on page
6-71.
6-71
Advertisement
Table of Contents
