Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentAltitude 3500 Series

171

172

173

174

175

176

177

178

179

180

Configuring Access Point Security

Altitude 3500 Series Access Point Product Reference Guide

178

7 Select the Accounting tab as required to define a timeout period and retry interval Syslog for MUs

interoperating with the Altitude 35xx and EAP authentication server. The items within this tab could

be enabled or disabled depending on whether Internal or External has been selected from the

RADIUS Server drop-down menu.

8 Select the Reauthentication tab as required to define authentication connection policies, intervals and

maximum retries. The items within this tab are identical regardless of whether Internal or External is

selected from the Radius Server drop-down menu.

Radius Shared

Secret

Specify a shared secret for authentication on the Internal

or Primary RADIUS server (External RADIUS Server only).

The shared secret is required to match the shared secret

on the RADIUS server. Optionally, specify a shared secret

for a secondary (failover) server. Use shared secrets to

verify RADIUS messages (with the exception of the

Access-Request message) sent by a RADIUS enabled

device configured with the same shared secret.

Apply the qualifications of a well-chosen password to the

generation of a shared secret. Generate a random, case-

sensitive string using letters and numbers. Verify the

shared secret is at least 22 characters to protect the

RADIUS server from brute-force attacks. An example of a

strong and secure shared secret is: 8d#>9fq4bV)H7%a3-

zE13sW.

External Radius

Server Address

Specify the IP address of the external RADIUS server

used to provide RADIUS accounting.

External Radius

Port

Specify the port on which the RADIUS server is listening.

The default port is 1813.

External Radius

Shared Secret

Specify a shared secret for authentication. The shared

secret is required to match the shared secret on the

RADIUS server.

MU Timeout Specify the time (in seconds) for the access point’s

retransmission of EAP-Request packets. The default is 10

seconds. If this time is exceeded, the authentication

session is terminated.

Retries Specify the number of retries for the MU to retransmit a

missed frame to the RADIUS server before it times out of

the authentication session. The default is 2 retries.

Enable Syslog Select the Enable Syslog checkbox to enable RADIUS

accounting syslog messages relating to EAP events to be

written to the specified syslog server.

Syslog Server IP

Address

Enter the IP address of the destination syslog server to be

used to log EAP events.

Enable

Reauthentication

Select the Enable Reauthentication checkbox to configure

a wireless connection policy so MUs are forced to

reauthenticate periodically. Periodic repetition of the EAP

process provides ongoing security for current authorized

connections.

Period (30-9999)

secs

Set the EAP reauthentication period to a shorter interval

for tighter security on the WLAN's connections. Set the

EAP reauthentication period to a longer time interval (at

most, 9999 seconds) to relax security on wireless

connections. The default interval of 3600 seconds is

recommended.