User's Manual
Chapter 8 HiveManager Configuration Examples
124 Aerohive
100,000,000 seconds. Generally, you want to make the retry interval fairly large so that supplicants (that is,
wireless clients requesting 802.1X authentication) do not have to wait unnecessarily as a HiveAP repeatedly
tries to connect to a primary server that is down for an extended length of time.
• Accounting Interim Update Interval: 20 (default)
This is the interval in seconds for updating the RADIUS accounting server with the cumulative length of a
client’s session. Because this example does not make use of RADIUS accounting, leave the default setting.
• Description: 802.1X authentication for corp employees
2. Click the RADIUS Servers tab, enter the following, and then click Apply:
— Type: IP Address
— Server IP/Name: RADIUS-Server-Primary (previously configured in "RADIUS Servers" on page 102)
— Shared Secret: J7ix2bbbLA
— Confirm Secret: J7ix2bbbLA
— Authentication Port: 1812 (default RADIUS authentication port number)
— Enable Accounting: (clear)
— Server Priority: Primary
— Description: Primary RADIUS server
• Click New, enter the following, and then click Apply:
— Type: IP Address
— Server IP/Name: RADIUS-Server-Secondary (previously configured in "RADIUS Servers" on page 102)
— Shared Secret: J8Dx2c13Mb
— Confirm Secret: J8Dx2c13Mb
— Authentication Port: 1812 (default RADIUS authentication port number)
— Enable Accounting: (clear)
— Server Priority: Backup1
— Description: Backup (Secondary) RADIUS server
3. To save the configuration and close the dialog box, click Save.
RADIUS Server Attributes
On the two RADIUS servers (also referred to as "RADIUS home servers"), define the HiveAPs as RADIUS clients (see footnote 3). Also, configure the following attributes for the realms to which user accounts matching the two user profiles belong:

Realm for IT (User Profile Attribute = 3)    Realm for Emp (User Profile Attribute = 4)
Tunnel Type = GRE (value = 10)               Tunnel Type = GRE (value = 10)
Tunnel Medium Type = IP (value = 1)          Tunnel Medium Type = IP (value = 1)
Tunnel Private Group ID = 3                  Tunnel Private Group ID = 4

The RADIUS server returns one of the above sets of attributes based on the realm to which an authenticating user belongs. HiveAPs then use the combination of returned RADIUS attributes to assign users to profile 3 ("IT"), or 4 ("Emp"). Note that these attributes do not create a GRE tunnel, which the tunnel type might seem to indicate.

Note: The shared secret is a case-sensitive alphanumeric string that must be entered on the RADIUS authentication server exactly as shown above.

3. If you use RADIUS proxy servers, then direct RADIUS traffic from the HiveAPs to them instead of the RADIUS home servers. This approach offers the advantage that you only need to define the proxy servers as clients on the RADIUS home servers. You can then add and remove multiple HiveAPs without having to reconfigure the RADIUS home servers after each change.
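
The attribute-to-profile mapping in the table above, as an added example (not Aerohive's code): a Python sketch that decodes the three tunnel attributes from the attribute bytes of an Access-Accept and returns the matching profile name, which is useful for checking what a RADIUS server actually returns for each realm. The attribute type codes 64, 65 and 81 and the tag octet handling come from RFC 2868; the function names, the constructed sample bytes and the choice to return None on a mismatch are assumptions.

```python
# Added example: RFC 2868 attribute codes plus the values listed in the table above.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
GRE, IP = 10, 1
PROFILES = {3: "IT", 4: "Emp"}  # user profile attribute -> profile name


def encode_attrs(group_id, tunnel_type=GRE, medium=IP, tag=0):
    """Build the three attributes as they would sit in an Access-Accept (constructed input)."""
    def tagged_int(attr_type, value):
        # type, length (always 6), tag octet, 3-octet big-endian value
        return bytes([attr_type, 6, tag]) + value.to_bytes(3, "big")
    body = (bytes([tag]) if tag else b"") + str(group_id).encode("ascii")
    group = bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body
    return tagged_int(TUNNEL_TYPE, tunnel_type) + tagged_int(TUNNEL_MEDIUM_TYPE, medium) + group


def parse_attrs(data):
    """Walk the type-length-value list and decode the three tunnel attributes."""
    attrs, i = {}, 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad length in attribute %d" % attr_type)
        value = data[i + 2:i + length]
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if length != 6:
                raise ValueError("tagged integer attributes are 6 octets long")
            attrs[attr_type] = int.from_bytes(value[1:], "big")  # skip the tag octet
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            if value and 0x01 <= value[0] <= 0x1F:  # a leading octet in this range is a tag
                value = value[1:]
            attrs[attr_type] = value.decode("ascii", "replace")
        i += length
    return attrs


def user_profile(data):
    """Return "IT" or "Emp" only when all three attributes match one column of the table."""
    attrs = parse_attrs(data)
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if attrs.get(TUNNEL_TYPE) != GRE or attrs.get(TUNNEL_MEDIUM_TYPE) != IP:
        return None
    return PROFILES.get(int(group)) if group.isdigit() else None


if __name__ == "__main__":
    for gid in (3, 4, 7):
        print(gid, encode_attrs(gid).hex(), user_profile(encode_attrs(gid)))
```

A None result means the returned set matches neither column of the table; what a HiveAP does with such a user is outside what this sketch models.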