User guide
Canopy System User Guide
pmp-0229 (Mar 2013)
444
Chapter 24: Configuring a RADIUS server
Configuring a RADIUS server in a PMP network is optional, but can provide added security,
increase ease of network management and provide usage-based billing data.
Understanding RADIUS
RADIUS
Fun
c
tion
s
RADIUS protocol support provides the
following
functions:
• SM Authentication allows only known SMs onto the network (blocking
“rogue”
SMs),
and can be configured to ensure SMs are connecting to a known
network
(preventing SMs
from connecting to “rogue” APs). RADIUS authentication is
used
for SMs,
but
is not used
for APs.
• SM Configuration: Configures authenticated SMs with MIR (Maximum Information Rate),
High Priority, and VLAN (Virtual LAN) parameters from the RADIUS server when an SM
registers to an AP.
• Centralized AP and SM user name and password management allows AP
and
SM
usernames and access levels (Administrator, Installer, Technician) to
be
centrally
administered in the RADIUS server instead of on each radio and tracks
access
events
(logon/logoff) for each username on the RADIUS server. This accounting does not track
and
report
specific configuration actions performed on radios or pull statistics such as
bit
counts from the radios. Such f
unctions require an Element Management
System
(EMS)
such as Cambium Networks Wireless Manager. This accounting is
not
the ability to perform
accounting functions on the subscriber/end
user/customer
account.
•
Framed IP
allows o
perators to use a RADIUS server to assign management IP addressing to
SM modules (framed IP address).
Tested RADIUS Servers
The Canopy RADIUS implementation has been tested and is supported
on
• FreeRADIUS, Version
2.1.8
• Aradial RADIUS, Version
5.1.12