Configuring The Radius Server; Radius Overview - Motorola WiNG 4.4 Reference Manual

6 - 90 WiNG 4.4 Switch System Reference Guide

6.8 Configuring the Radius Server

Remote Authentication Dial-In User Service (Radius) is a client/server protocol and software enabling remote access
servers to communicate with the switch to authenticate users and authorize their access to the switch managed network.
For an overview on the switch's Radius deployment, see
Radius Overview on page 6-90.
Setting up Radius on the switch entails the following configuration activities:
• Defining the Radius Configuration
• Configuring Radius Authentication and Accounting
• Configuring Radius Users
• Configuring Radius User Groups
• Viewing Radius Accounting Logs
NOTE: For hotspot deployment, Motorola Solutions recommends using the switch's
onboard Radius server and built-in user database. This is the easiest setup option and
offers a high degree of security and accountability.

6.8.1 Radius Overview

Radius enables centralized management of switch authentication data (usernames and passwords). When a MU attempts
to associate to the Radius supported switch, the switch sends the authentication request to the Radius server. The
communications between the switch and server are authenticated and encrypted through the use of a shared secret
password (not transmitted over the network).
The switch's local Radius server stores the authentication data locally, but can also be configured to use a remote user
database. A Radius server as the centralized authentication server is an excellent choice for performing accounting. Radius
can significantly increase security by centralizing password management.
NOTE: The switch can be configured to use its own local Radius server or an external
Radius server you define and configure. For information on the benefits and risks of using
the switch's resident Radius Server (as opposed to an external Radius Server), see
Using the Switch's Radius Server Versus an External Radius on page 6-92.
CAUTION: When restarting or rebooting the switch, the Radius server is restarted
regardless of its state before the reboot.
The Radius server defines authentication and authorization schemes for granting the access to wireless clients. Radius is
also used for authenticating hotspot and remote VPN Xauth. The switch can be configured to use 802.1x EAP for
authenticating wireless clients with a Radius server. The following EAP authentication types are supported by the switch's
onboard Radius server:
• TLS
• TLS and MD5
• TTLS and PAP
• TTLS and MSCHAPv2
• PEAP and GTC
• PEAP and MSCHAPv2