User's Manual
7 Managing Security
154 Installation and User Guide: Airgo Access Point
If an external RADIUS server is to be used for MAC address based ACL lookups, the following
apply:
1 The RADIUS server must have PAP authentication enabled for these MAC ACL users.
2 The RADIUS server can expect the AP to send the following standard RADIUS attributes in
the authentication request for purposes of policy configuration and interoperability. (MAC
addresses must have no colon or hyphen separators):

   Attribute              Description
   User-Name              MAC address
   User-Password          MAC address
   Message-Authenticator  RADIUS extension providing enhanced authentication of message
                          contents (This is the same as the signature attribute in some
                          RADIUS servers.)
   NAS-IP-Address         Management IP address of the AP
   NAS-Port               Radio interface number for the associating station
   NAS-Port-Type          Standard value Wireless - IEEE 802.11 (Indicates that the user
                          has requested access via an 802.11 port on the AP.)

3 The RADIUS server should enforce a policy such that MAC ACL users are only allowed to use
PAP authentication for Wireless. This is important because the username and password are not
secret.
4 The RADIUS server may optionally send back the Session-Timeout attribute to override the
AP default session-timeout.
5 The RADIUS server may optionally send back an attribute encoded with the user group.

If an external RADIUS server is used for EAP based authentication (with WPA or with legacy
802.1x), the following information should be used when configuring the server:
1 The RADIUS server can expect the AP to send the following standard RADIUS attributes in
the authentication request for purposes of policy configuration and interoperability:

   Attribute              Description
   User-Name              Contains the MAC address in the format specified above.
   EAP-Message            Contains the EAP messages received from the station.
   Framed-MTU             Contains a hint to help the RADIUS server for EAP fragmentation.
   Message-Authenticator  The RADIUS extension that provides enhanced authentication of
                          the message contents (also referred to as signature attribute
                          in some RADIUS servers).
   NAS-IP-Address         Contains the management IP address of the AP.
   NAS-Port               Contains the radio interface number on which the station is
                          associating.
   NAS-Port-Type          Contains the standard value “Wireless - IEEE 802.11” to indicate
                          that the user to be authenticated has requested access via an
                          802.11 port on the AP.

2 The RADIUS server can use these attributes to enforce policies such that EAP based
authentication is mandatory for Wireless.
3 The RADIUS server may optionally send back the Session-Timeout attribute to override the
AP default session-timeout.
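
The server-side policy for MAC ACL users described in this section, as an added example that is not taken from the manual or from any Airgo or RADIUS server code: it verifies Message-Authenticator, then requires PAP, NAS-Port-Type Wireless - IEEE 802.11, and a separator-free MAC as both User-Name and User-Password. The function names, shared secret, NAS address and MAC value are constructed assumptions; attribute numbers and encodings follow RFC 2865 and RFC 2869.

```python
import hashlib, hmac, re, socket, struct

SECRET = b"constructed-shared-secret"     # constructed sample value
WIRELESS_80211 = 19                       # NAS-Port-Type "Wireless - IEEE 802.11"
MAC_RE = re.compile(r"[0-9A-Fa-f]{12}")   # no colon or hyphen separators

def pap(data, secret, auth, reveal=False):
    """RFC 2865 User-Password hiding; reveal=True reverses it."""
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if reveal else block   # chain on the ciphertext
        out += block
    return out

def sign(packet, secret):   # Message-Authenticator: HMAC-MD5, own field zeroed
    return hmac.new(secret, packet, hashlib.md5).digest()

def build_request(mac, secret, port_type=WIRELESS_80211, auth=bytes(16)):
    """Constructed Access-Request shaped like the AP's MAC ACL lookup."""
    user = re.sub(r"[:-]", "", mac).encode()
    pw = pap(user.ljust(-(-len(user) // 16) * 16, b"\0"), secret, auth)
    attrs = [(1, user), (2, pw), (4, socket.inet_aton("192.0.2.10")), (5, struct.pack("!I", 1)),
             (61, struct.pack("!I", port_type)), (80, bytes(16))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    pkt = struct.pack("!BBH", 1, 1, 20 + len(body)) + auth + body
    return pkt[:-16] + sign(pkt, secret)   # attribute 80 is last; fill it in

def check_request(pkt, secret):
    """Policy for MAC ACL users: signed request, PAP only, wireless only."""
    auth, attrs, pos = pkt[4:20], {}, 20
    while pos + 2 <= len(pkt):
        t, n = pkt[pos], pkt[pos + 1]
        if n < 2 or pos + n > len(pkt): return "reject: malformed attribute"
        attrs[t] = (pos + 2, pkt[pos + 2:pos + n])   # (value offset, value)
        pos += n
    off, sig = attrs.get(80, (0, b""))
    clean = pkt[:off] + bytes(16) + pkt[off + 16:]
    if len(sig) != 16 or not hmac.compare_digest(sig, sign(clean, secret)):
        return "reject: missing or bad Message-Authenticator"
    val = lambda t: attrs.get(t, (0, b""))[1]
    user = val(1).decode("ascii", "replace")
    pw = pap(val(2), secret, auth, reveal=True).rstrip(b"\0").decode("ascii", "replace")
    rules = [(MAC_RE.fullmatch(user), "User-Name is not a bare MAC address"),
             (79 not in attrs and 2 in attrs, "MAC ACL users must use PAP"),
             (val(61) == struct.pack("!I", WIRELESS_80211), "MAC ACL users are wireless only"),
             (pw == user, "password is not the MAC address")]
    return next(("reject: " + why for ok, why in rules if not ok), "accept")
```

The all-zero Request Authenticator default keeps the sample deterministic; a real request carries a random one.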