Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 207 Access Points

161

162

163

164

165

166

167

168

169

170

165 | Authentication and User Management Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide

1. Navigate to Security>Authentication Servers. The Security window is displayed.

2. To create a new server, click New. A window for specifying details for the new server is displayed.

3. Configure parameters based on the type of sever.

l RADIUS—To configure a RADIUSserver, specify the attributes described in the following table:

Parameter Description

Name Enter a name for the server.

Server

address

Enter the host name or the IP address of the external RADIUS server.

RadSec Set RadSec to Enabled to enable secure communication between the RADIUS server and W-IAP

clients by creating a TLS tunnel between the W-IAP and the server.

If RadSec is enabled, the following configuration options are displayed:

l RadSec port— Communication port number for RadSec TLS connection. By default, the port

number is set to 2083.

l RFC 3576—When set to Enabled, it allows the APs to process RFC 3576-compliant Change of

Authorization (CoA) and disconnect messages from the RADIUS server.

l NAS IP address

l NAS identifier

For more information on RadSec configuration, see Enabling RADIUS Communication over TLS on

page 169.

Auth port Enter the authorization port number of the external RADIUS server within the range of 1–65535. The

default port number is 1812.

Accounting

port

Enter the accounting port number within the range of 1–65535. This port is used for sending

accounting records to the RADIUS server. The default port number is 1813.

Shared key Enter a shared key for communicating with the external RADIUS server.

Retype key Re-enter the shared key.

Timeout Specify a timeout value in seconds. The value determines the timeout for one RADIUS request. The

W-IAP retries to send the request several times (as configured in the Retry count), before the user

gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is

disconnected after 20 seconds. The default value is 5 seconds.

Retry count Specify a number between 1 and 5. Indicates the maximum number of authentication requests that

are sent to the server group, and the default value is 3 requests.

RFC 3576 Select Enabled to allow the APs to process RFC 3576-compliant Change of Authorization (CoA) and

disconnect messages from the RADIUS server. Disconnect messages cause a user session to be

terminated immediately, whereas the CoA messages modify session authorization attributes such

as data filters.

NAS IP

address

Allows you to configure an arbitrary IP address to be used as RADIUS Attribute 4, NAS IP Address,

without changing source IP Address in IP header of RADIUS packet.

Table 31: RADIUSServer Configuration Parameters