Manualshelf

Technical data

ManualsBrandsMeru Networks ManualsComputer equipmentOAP180
171172173174175176177178179180
154 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Radius Authentication
Service-Type(6) = Value:Login(1)
User-Password(2) = Value:<password string>
MESSAGE: Access-Accept
ATTRIBUTES:
Framed-Protocol(7) = PPP(1)
Service-Type(6) = Framed-User(2)
Class(25)
Message-Authenticator(80)
OPTIONAL ATTRIBUTES (depends on EAP type):
EAP-Message(79)
OPTIONAL ATTRIBUTES (required for Radius-assigned VLAN):
Tunnel-Medium-Type(65) = 802(6)
Tunnel-Type(64) = VLAN(13)
Tunnel-Private-Group-Id (81) = <the VLAN ID>
OPTIONAL ATTRIBUTES (depends on Radius based User Management)
Filter-Id(11) = Value:<Privilege Level>:<1-15>
Radius Accounting for Clients
If you have a Radius accounting server in your network, you can configure the
controller to act as a Radius client, allowing the controller to send accounting
records to the Radius accounting server. The controller sends accounting records
either for clients who enter the wireless network as 802.1X authorized users or for
the clients that are Captive Portal authenticated.
When using Radius accounting, set up a separate Radius profile for the Radius
accounting server and point the ESS profile to that Radius profile. So, for example,
you could have a Radius profile called radiusprofile1 that uses UDP port 1645 or 1812
(the two standard ports for Radius authentication) and your security profiles would
point to radiusprofile1. To support Radius accounting, configure a new radius profile
(like radiusprofile1_acct) even if the Radius accounting server is the same as the
Radius authentication server. Set its IP and key appropriately and set its port to the
correct Radius accounting port (1646, 1813 for example). Then point ESS profiles) to
this new Radius profile radiusprofile1_acct.
Accounting records are sent for the duration of a client session, which is identified
by a unique session ID. You can configure a Radius profile for the primary Radius
accounting server and another profile for a secondary Radius accounting server,
which serves as a backup should the primary server be offline. The switch to the
backup Radius server works as follows. After 30 seconds of unsuccessful Primary
Radius server access, the secondary Radius server becomes the default. The actual