Specifications

FreeRADIUS and Security
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 Technical Reference Guide
The simplest format to use is:
client 10.0.0.10 {
    secret = testing123
    shortname = Summit WM001
}
In this case the RADIUS client is a Summit WM at 10.0.0.10. Since the Summit WM has many IP
addresses, some physical and some virtual, there is confusion over which IP address to use as the
RADIUS client address. The answer is the address of whatever interface the Summit WM will use to
send the packet to the RADIUS server. If it is not obvious which interface that is, use the
ping <target> command in the CLI of the Summit WM to determine it. If the path to the RADIUS server
changes based upon OSPF routing updates then it is best to enter all possibilities into this file.
The secret parameter will be asked for during the configuration of the Summit WM WLAN equipment
and is typically referred to as the ‘shared secret’.
users file
Example for Captive Portal Authentication
The users file is used for entering static information that can be used for authentication. The simplest
form of an entry is:
"username" Auth-Type := local, User-Password == "aDRM123"
This type of entry can be used for CHAP authentication types. This entry can also be used for PAP-type
authentication types, provided that the pap definition in the modules section of the radiusd.conf file has
the encryption_scheme set to ‘clear’ rather than the default of ‘crypt’.
Attributes can be added to the user definition in this file. An example for a captive portal environment
would be:
"username" Auth-Type := local, User-Password == "aDRM123"
    Filter-Id = "filter1",
    Session-Timeout = 10
In this example the filter-id ‘filter1’ is returned to the Summit WM and a session timeout of 10 minutes
is returned. If the Summit WM has a filter defined that matches the returned Filter-Id attribute then it
will be used. In addition, if the session is successfully authenticated then the session on the Summit
WM has an absolute limit of 10 minutes at which point re-authentication will be necessary.
Example for MAC-based Authentication
Users can also be defined directly as type PAP. For example, for MAC-based authentication the Summit
WM sends both the username and the password as the MAC address, so it is typical to see a device
entered into the users file as follows:
#vocera badge example
"0009EF003BAF" Auth-Type := PAP, User-Password == "0009EF003BAF"
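The following added example (not part of the original guide or of FreeRADIUS) shows what the shared secret from the client entry does to a PAP password such as the MAC address above: RFC 2865 section 5.2 hides the User-Password attribute by XORing it with MD5 of the shared secret and the Request Authenticator. The function names and the Request Authenticator value are constructed for illustration.

```python
import hashlib

BLOCK = 16  # MD5 digest size; RFC 2865 hides the password in 16-octet blocks


def _keystream(secret: bytes, prev: bytes) -> bytes:
    # Each block's pad is MD5(shared secret + previous ciphertext block);
    # the first block uses the 16-octet Request Authenticator instead.
    return hashlib.md5(secret + prev).digest()


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Value of the User-Password attribute as the RADIUS client sends it."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 octets")
    # Pad with NULs to a multiple of 16 octets, at least one block.
    size = max(BLOCK, -(-len(password) // BLOCK) * BLOCK)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, BLOCK):
        pad = _keystream(secret, prev)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad))
        out += prev
    return out


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server computes using the secret from its client entry."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    ra = bytes(range(16))                # constructed Request Authenticator
    mac = b"0009EF003BAF"                # MAC-based entry from the users file
    wire = hide_password(mac, b"testing123", ra)
    print(wire.hex())
    print(recover_password(wire, b"testing123", ra))    # matching secret
    print(recover_password(wire, b"testing124", ra))    # mismatched secret: garbage
```

With a mismatched secret the server recovers different bytes, so the comparison against the users file entry fails even though the device sent the correct password.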