Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

381

382

383

384

385

386

387

388

389

390

Configuring AAA for Users of Third-Party APs

RoamAbout Mobility System Software Configuration Guide 17-39

RADIUS Server Requirements

•For802.1Xusers,theusernamesandpasswordsmustbeconfiguredontheRADIUSserver.

•Fornon‐802.1XusersofataggedSSID,thespeci alusernameweb‐portal‐ssidorlast‐resort‐

ssidmustbeconfigured,wheressidistheSSIDname.Thefallthruauthenticationtype(web‐

portalorlast‐resort)

specifiedforthewiredauthenticationportconnectedtotheAP

determineswhichusernameyouneedtoconfigure.

•ForanyusersofanuntaggedSSID,thespecialusernameweb‐portal‐wiredorlast‐resort‐

wiredmustbeconfigured,dependingonthefall thru authenticationtypespecifiedforthe

wiredauthenticationport.

Configuring Authentication for 802.1X Users of a Third-Party AP with

Tagged SSIDs

ToconfigureMSStoauthenticate802.1Xusersofathird‐partyAP,usethecommandsbelowtodo

thefollowing:

• ConfiguretheportconnectedtotheAPasawiredauthenticationport.Usethefollowing

command:

set port type wired-auth port-list [tag tag-list] [max-sessions num]

[auth-fall-thru {last-resort | none | web-portal}]

• ConfigureaMACauthenticationrulefortheAP.Usethefollowingcommand:

set authentication mac wired mac-addr-glob method1

• ConfiguretheRoamAboutSwitchportconnectedtotheAPasaRADIUSproxyfortheSSID

supportedbytheAP.IfSSIDtrafficfromtheAPistagged,assignthesametagvaluetothe

RoamAboutSwitchport.Usethefollowingcommand:

set radius proxy port port-list [tag tag-value] ssid ssid-name

•AddaRADIUSproxyentryforthe AP.TheproxyentryspecifiestheIPaddressoftheAPand

theUDPportsonwhichtheRoamAboutSwitchlistensforRADIUSaccess‐requestsand stop‐

accountingrecordsfromtheAP.Usethefollowingcommand:

set radius proxy client address ip-address [port udp-port-number] [acct-port

acct-udp-port-number] key string

• ConfigureaproxyauthenticationrulefortheAP’susers.Usethefollowingcommand:

set authentication proxy ssid ssid-name user-glob radius-server-group

Fortheport‐listofthesetporttypewired‐authandsetradiusproxyportcommands,specifythe

RoamAboutSwitchport(s)connectedtothethird‐partyAP.

Fortheip‐addressofthesetradiusproxyclientaddresscommand,specifytheIPaddressofthe

RADIUSclient(thethird‐party

AP).Fortheudp‐port‐number,specifytheUDPportonwhichthe

RoamAboutSwitchwilllistenforRADIUSaccess‐requests.ThedefaultisUDPport1812.Forthe

acct‐udp‐port‐number,specifytheUDPportonwhichtheRoamAboutSwitchwilllistenfor

RADIUSstop‐accountingrecords.The

defaultisUDPport1813.