Table of Contents
Advertisement
Chapter 9: Common Configuration Examples
Server Role: Primary
To provide server redundancy, you can configure up to four RADIUS servers, designating one as the primary server and the
others as backup servers. The RADIUS authenticators only send RADIUS authentication requests to the backup servers when
the primary server becomes unreachable. Because only one RADIUS server is configured in this example, it must be designated
as the primary.
To add the RADIUS authentication server to the AAA client settings configuration, click Apply.
In the Advanced Settings section, you can change the RADIUS authentication port number, enable RADIUS accounting, and
change the RADIUS accounting port number. For this example, keep their default values.
Authentication Port: 1812
UDP port 1812 is the default port number on which RADIUS servers listen for authentication requests. In this example,
the RADIUS server is using the default port number. If your RADIUS server listens on a different port, make sure that you
enter that port number here.
Accounting Port: 1813
UDP port 1813 is the default port number on which RADIUS accounting servers listen for accounting reports. In this
example, accounting is not enabled, so this setting is irrelevant.
You can expand the Optional Settings section at the bottom of the page to modify additional settings pertaining to RADIUS;
however, the default settings work well for this example and do not need to be changed.
Retry Interval: 600 seconds (the default setting)
This field is only relevant when both primary and backup RADIUS authentication servers are configured. The retry interval
defines how long a SmartPath AP RADIUS authenticator waits before retrying a previously unresponsive primary RADIUS
server, even if the current backup server is responding. When there is only a single RADIUS authentication server, as in
this example, the retry interval does not matter.
Accounting Interim Update Interval: 20 seconds (the default setting)
This setting defines the interval for sending RADIUS accounting updates to report the status and cumulative length of
RADIUS supplicant sessions. This setting is important when enforcing RADIUS accounting, which is not involved in the
present example. Therefore, this setting is irrelevant here.
Permit Dynamic Change of Authorization Messages (RFC 3576): (clear; the default setting)
This option allows SmartPath AP RADIUS authenticators to accept unsolicited disconnect and Change of Authorization
(CoA) messages from the RADIUS authentication server by enabling the dynamic authorization extension provided in RFC
3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS). "Disconnect" messages
terminate a user's session immediately, and CoA messages modify session authorization attributes such as VLANs and
user profile IDs. The ability for SmartPath AP RADIUS authenticators to accept these messages from the RADIUS authen-
tication server is not required in this example, so it remains disabled.
To save the configuration as "RADIUS-10.1.1.10" and close the dialog box, click Save.
Defining an SSID with 802.1X/EAP Authentication
Define an SSID that supports 802.1X/EAP authentication and directs the SmartPath AP RADIUS authenticators to forward
authentication requests from RADIUS supplicants to the RADIUS authentication server that you just defined.
Click "Configuration > SSIDs > New," enter the following, leave all other values at their default settings, and then click "Save:"
Profile Name: corp-wifi
SSID: corp-wifi
Page 102
724-746-5500 | blackbox.com
Advertisement
Chapters
Table of Contents
