Motorola RFS7000 Series System Reference Manual page 362

6-78 Switch Security
Cert Trustpoint
CA Cert Trustpoint
NOTE EAP-TLS will not work with a default trustpoint. Proper CA and Server trustpoints
must be configured for EAP-TLS. For information on configuring certificates for use
with the switch, see
4. Refer to the LDAP Server Details
configuration providing access to an external database used with the local Radius server.
IP Address
Port
Password Attribute
Bind DN
Bind Password
Base DN
User Login Filter
Group Filter
Group Membership
Attribute
Group Attribute
Net Timeout
5. Click the Apply button to save the changes made to within the screen.
Click the View/Change button to specify the trustpoint from
which the Radius server automatically grants certificate enrollment
requests. A trustpoint is a representation of a CA or identity pair. A
trustpoint contains the identity of the CA, CA-specific configuration
parameters, and an association with one enrolled identity
certificate. If the server certificate trustpoint is not used, the
default trustpoint is used instead.
Click the View/Change button to specify the CA certificate
trustpoint from which the Radius server automatically grants
certificate enrollment requests. A trustpoint is a representation of
a CA or identity pair. A trustpoint contains the identity of the CA,
CA-specific configuration parameters, and an association with one
enrolled identity certificate.
If a CA trustpoint is not specified, the "default trustpoint's CA
certificate is used as a ca certificate. If the "Default trustpoint"
does not have a CA certificate, the server certificate itself will be
used as the CA certificate.
Creating Server Certificates on page
field to define the primary and secondary Radius LDAP server
Enter the IP address of the external LDAP server acting as the data
source for the Radius server. This server must be accessible from
an active subnet on the switch.
Enter the TCP/IP port number for the LDAP server acting as the
data source.
Enter the password attribute used by the LDAP server for
authentication.
Specify the distinguished name to bind with the LDAP server.
Enter a valid password for the LDAP server.
Specify a distinguished name that establishes the base object for
the search. The base object is the point in the LDAP tree at which
to start searching.
Enter the login used by the LDAP server for authentication.
Specify the group filters used by the LDAP server.
Specify the Group Member Attribute sent to the LDAP server
when authenticating users.
Specify the group attribute used by the LDAP server.
Enter a timeout value the system uses to terminate the connection
to the Radius Server if no activity is detected.
6-86.