User's Manual

7 Managing Security

158 Installation and User Guide: Airgo Access Point

• The external RADIUS server must have Password Authentication Protocol (PAP)

authentication enabled for administrative users.

• The Airgo AP sends a standard RADIUS attribute called Service-Type in the authentication

request. The value of this attribute is set to Administrative to indicate that the user to be

authenticated has requested access to an administrative interface on the AP.

• If the user authentication is successful, the RADIUS server must send back a vendor-specific

attribute defined as follows:

vendor-id=13586, vendor sub-type=3, integer value = 1

This attribute informs the AP that the user is not a normal user, but rather an administrator who

may be granted access to the privileges of the administrative interface.

AP Certificate

To view information about the unique X.509 security certificate assigned to the AP, choose

Administrator Security from the Security Services menu to open the Administrator Security

panel, and then select AP Certification (Figure 112).

Figure 113: Administrator Security - AP Certificate

This tab contains the following information:

Item Description

Subject Name AP Device ID.

Issuer Name Device ID of the certificate issuing entity.

Serial Number Serial number of the AP.

X.509 Thumbprint SHA1 hash of the AP digital certificate. Used to authenticate the identity

of the AP device during AP enrollment and when managing the AP using

the Web browser interface.

SSH Fingerprint MD5 hash of the AP digital certificate. Used to authenticate the identity

of the AP when using SSH to remotely manage the AP.