Table of Contents
Advertisement
Description: Employee and IT WLAN access; 802.1X
SSID Access Security: WPA/WPA2 802.1X (Enterprise)
Use Default 802.1X Settings: (select)
By default, when a SmartPath AP hosts a WPA/WPA2 802.1X (Enterprise) SSID, it negotiations with clients over the use
of WPA or WPA2 for key management and TKIP or CCMP (AES) for encryption, and uses whichever methods each client
supports. The SmartPath AP and client use EAP (802.1X) for authentication through an external RADIUS server.
RADIUS Server: RADIUS-10.1.1.10
User profile assigned if no attribute is returned from RADIUS after successful authentication: Emp(1)
The SmartPath AP RADIUS authenticator applies the user profile "Emp(1)" to users if the RADIUS authentication server
successfully authenticates them and returns a Tunnel-Private-Group-ID attribute that matches the attribute for this user
profile (1). The SmartPath AP also applies this profile to users if the RADIUS authentication server does not return any
attributes.
If the RADIUS server authenticates a user and returns attributes that do not match an existing user profile, the user
profile lookup will fail and SmartPath AP will reject the client.
User profiles assigned via attributes returned from RADIUS after successful authentication: Click IT(2) in the Available User
Profiles list, and then click the right arrow ( > ) to move it to the Selected User Profiles list.
The SmartPath AP RADIUS authenticator applies the "IT(2)" user profile only if the RADIUS authentication server returns
a Tunnel-Private-Group-ID attribute matching the attribute for this user profile (2).
Only the selected user profiles can be assigned via RADIUS for use with this SSID: (clear)
When cleared, this setting allows access to authenticated users even when the Tunnel-Private-Group-ID attribute that the
RADIUS authentication server returns matches another user profile configured on the SmartPath AP but not specified for
this SSID. If you do not mind granting access to all valid user accounts on the RADIUS authentication server, disable this
option by clearing the checkbox. This is the default setting.
On the other hand, if you want to restrict access to authenticated users only when the RADIUS authentication server
returns attributes that match one of the specified user profiles for the SSID, enable this option by selecting the checkbox
and then specifying the action that you want to the SmartPath AP to take: ban the client for a period of time, ban it
indefinitely, or simply disconnect it. You might want to enable this if the RADIUS authentication server contains accounts
for users other than employees and IT staff—perhaps there are accounts for contractors and guests. Even though the
server would approve authentication requests from such users if they submitted a correct user name and password, you
might not want them to use this SSID to access the WLAN.
SSID Broadcast Band: 2.4 GHz (11n/b/g)
Assigning an SSID to the 2.4-GHz radio in access mode allows SmartPath APs to use their second radio, which operates
at 5 GHz, for wireless backhaul communications.
Applying the RADIUS and SSID Settings to SmartPath APs
1. Click Configuration > WLAN Policies > (select the name of a WLAN policy that has already been applied to the SmartPath APs)
> Add/Remove SSID Profile, select corp-wifi in the Available SSID Profiles list, click the right arrow ( > ) to move it to the
Selected SSID Profiles list, click Apply to add the SSID to the WLAN policy, and then click Save to save the modified policy and
close its dialog box.
2. Click Monitor > Access Points > SmartPath APs > (checkboxes for the two SmartPath AP RADIUS authenticators) > Update >
Upload and Activate Configuration, enter the following, and then click Upload:
Upload and activate configuration: (select)
Chapter 9: Common Configuration Examples
724-746-5500 | blackbox.com
Page 103
Advertisement
Chapters
Table of Contents
