User's manual

DWS-1008 User’s Manual
D-Link Systems, Inc.
Conguring Communication with RADIUS
Configuring Communication with RADIUS
RADIUS Overview
Remote Authentication Dial-In User Service (RADIUS) is a distributed client-server system.
RADIUS servers provide a repository for all usernames and passwords, and can manage
and store large groups of users.
RADIUS servers store user proles, which include usernames, passwords, and other AAA
attributes. You can use authorization attributes to authorize users for a type of service, for
appropriate servers and network segments through VLAN assignments, for packet ltering
by access control lists (ACLs), and for other services during a session. You must include
RADIUS servers in a server group before you can access them.
Before You Begin
To ensure that you can contact the RADIUS servers you plan to use for authentication, send
the ping command to each one to verify connectivity.
ping ip-address
You can then set up communication between the switch and each RADIUS server group.
Conguring RADIUS Servers
An authentication server authenticates each client with access to a switch port before making
available any services offered by the switch or the wireless network. The authentication server
can reside either in the local database on the switch or on a remote RADIUS server.
When a RADIUS server is used for authentication, you must configure RADIUS server
parameters. For each RADIUS server, you must, at a minimum, set the server name, the
password (key), and the IP address. You can include any or all of the other optional parameters.
You can set some parameters globally for the RADIUS servers.
For RADIUS servers that do not explicitly set their own dead time and timeout timers and
transmission attempts, MSS sets the following values by default:
• Dead time - 0 (zero) minutes (The switch does not designate unresponsive RADIUS
servers as unavailable.)
• Transmission attempts - 3
• Timeout (wait for a server response) - 5 seconds
When MSS sends an authentication or authorization request to a RADIUS server, MSS waits
for the amount of the RADIUS timeout for the server to respond. If the server does not
respond, MSS retransmits the request. MSS sends the request up to the number of retransmits
congured. (The retransmit setting species the total number of attempts, including the rst
attempt.) For example, using the default values, MSS sends a request to a server up to three
times, waiting 5 seconds between requests.
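The following model of the timers described above is an added example, not code from the manual or from MSS. It shows how long one authentication waits on an unresponsive server with the default values, and what a nonzero dead time changes. The names RadiusServer, authenticate and responds are hypothetical, and the ordered fallback to a second server and the rule for marking a server dead are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass
class RadiusServer:
    name: str
    timeout: int = 5        # seconds to wait for a response (manual default)
    attempts: int = 3       # total transmissions, including the first (manual default)
    dead_time: int = 0      # minutes; 0 = never designated unavailable (manual default)
    dead_until: float = 0.0 # model state: time until which the server is skipped

def authenticate(servers, responds, now=0.0):
    """Model one authentication request against an ordered list of servers.

    responds(name, attempt) is a hypothetical stand-in for the network and
    returns True when that transmission is answered.
    Returns (answering server or None, seconds spent waiting, transmission log).
    """
    waited, log = 0.0, []
    for srv in servers:
        # A server inside its dead-time window is skipped without any wait.
        if srv.dead_time and now + waited < srv.dead_until:
            log.append((srv.name, "skipped-dead"))
            continue
        for attempt in range(1, srv.attempts + 1):
            log.append((srv.name, attempt))
            if responds(srv.name, attempt):
                return srv.name, waited, log
            waited += srv.timeout  # the full timeout elapses before the next attempt
        # Assumption: a server is marked dead only after every attempt has failed.
        if srv.dead_time:
            srv.dead_until = now + waited + srv.dead_time * 60
    return None, waited, log

if __name__ == "__main__":
    only_rs2_up = lambda name, attempt: name == "rs2"  # constructed scenario
    for dead_time in (0, 5):
        group = [RadiusServer("rs1", dead_time=dead_time), RadiusServer("rs2")]
        for t in (0.0, 20.0):
            server, waited, _ = authenticate(group, only_rs2_up, now=t)
            print(f"dead_time={dead_time} t={t:>4}: {server} after {waited:.0f}s")
```

With the default dead time of 0, every request in this model pays the full 15 seconds against the unresponsive server; with a dead time of 5 minutes, only the first one does.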