Proxy To External Radius Server; Ldap; Accounting; Configuring Onboard Radius Server Using Cli - Motorola WS5100 Series Migration Giude

Hide thumbs Also See for WS5100 Series:

Cli reference manual (492 pages)

Reference manual (444 pages)

Troubleshooting manual (100 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table of Contents

Each user group can be configured to be a part of one vlan. All the users in that particular group will be

assigned with the same vlan id. If the vlan-type is user-based then the users will become the part of a

configured vlan. If the user group is not configured with a particular vlan then the user will be assigned with

the default vlan ID 1.

9.1.4 Proxy to External Radius Server

Proxy realms is configured on the WS5100 switch, which has the details of the external radius server to

which the corresponding realm users are to be proxied.

The obtained user ID will be parsed in the format (user@realm, realm/user, user%realm) to determine which

proxy Radius server has to be used.

9.1.5 LDAP

In the Radius configuration, the onboard user database is used, while this may be an optimal solution for

smaller enterprises, it may not be well suited for a very large enterprise. Specially those customer who have

rolled out Active Directory services across their enterprise.

External data source based on LDAP can be used to authorize the users. Radius server looks for the user

credentials in the configured external LDAP server and authorizes the users, in case LDAP is used as a data

source for the users.

The WS5100 switch supports two LDAP server configurations are supported.

9.1.6 Accounting

Accounting should be initiated by the radius client. Once the Local/Onboard radius server is started, it will

listen for both authentication and accounting records.

Administrators can retrieve the files using TFTP from the CLI and SNMP initiated TFTP. Accounting log file

generated can be listed both in the applet and the CLI. The WS5100 switch also supports directing the

accounting logs to external accounting server or a syslog server.

9.2 Configuring Onboard Radius Server using CLI

To configure Onboard Radius Server follow the CLI commands mentioned below:

1. Enter into radius-server context and configure the local radius server.

WS5100(config)# radius-server local

2. Configure the authentication data source.The authentication data source can be set to local or remote

ldap server.

WS5100(config-radsrv)# authentication data-source local

3. Configure EAP type and Authentication type.

WS5100(config-radsrv)# authentication eap-auth-type all

9-3

Radius

Table of Contents

Proxy To External Radius Server; Ldap; Accounting; Configuring Onboard Radius Server Using Cli - Motorola WS5100 Series Migration Giude

9.1.4 Proxy to External Radius Server

9.1.5 LDAP

9.1.6 Accounting

9.2 Configuring Onboard Radius Server using CLI

Related Manuals for Motorola WS5100 Series

Related Content for Motorola WS5100 Series

Table of Contents