Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentAltitude 4700 Series

201

202

203

204

205

206

207

208

209

210

Configuring Access Point Security

Altitude 4700 Series Access Point Product Reference Guide

206

7 Select the Accounting tab as required to define a timeout period and retry interval Syslog for MUs

interoperating with the access point and EAP authentication server. The items within this tab could

be enabled or disabled depending on whether Internal or External has been selected from the

RADIUS Server drop-down menu.

8 Select the Reauthentication tab as required to define authentication connection policies, intervals and

maximum retries. The items within this tab are identical regardless of whether Internal or External is

selected from the RADIUS Server drop-down menu.

Radius Port If using an External Radius Server, specify the port on

which the primary Radius server is listening. Optionally,

specify the port of a secondary (failover) server. Older

Radius servers listen on ports 1645 and 1646. Newer

servers listen on ports 1812 and 1813. Port 1645 or 1812

is used for authentication. Port 1646 or 1813 is used for

accounting. The ISP or a network administrator needs to

confirm the appropriate primary and secondary port

numbers for authentication. This setting is not available if

Internal has been selected from the Radius Server drop-

down menu.

Radius Shared

Secret

Specify a shared secret for authentication on the Internal

or Primary RADIUS server (External RADIUS Server only).

The shared secret is required to match the shared secret

on the RADIUS server. Optionally, specify a shared secret

for a secondary (failover) server. Use shared secrets to

verify RADIUS messages (with the exception of the

Access-Request message) sent by a RADIUS enabled

device configured with the same shared secret.

Apply the qualifications of a well-chosen password to the

generation of a shared secret. Generate a random, case-

sensitive string using letters and numbers. Verify the

shared secret is at least 22 characters to protect the

RADIUS server from brute-force attacks. An example of a

strong and secure shared secret is: 8d#>9fq4bV)H7%a3-

zE13sW.

External Radius

Server Address

Specify the IP address of the external RADIUS server

used to provide RADIUS accounting.

External Radius

Port

Specify the port on which the RADIUS server is listening.

The default port is 1813.

External Radius

Shared Secret

Specify a shared secret for authentication. The shared

secret is required to match the shared secret on the

RADIUS server.

MU Timeout Specify the time (in seconds) for the Access Point’s

retransmission of EAP-Request packets. The default is 10

seconds. If this time is exceeded, the authentication

session is terminated.

Retries Specify the number of retries for the MU to retransmit a

missed frame to the RADIUS server before it times out of

the authentication session. The default is 2 retries.

Enable Syslog Select the Enable Syslog checkbox to enable RADIUS

accounting syslog messages relating to EAP events to be

written to the specified syslog server.

Syslog Server IP

Address

Enter the IP address of the destination syslog server to be

used to log EAP events.