User guide

Canopy System User Guide: Choosing Authentication Mode and Configuring for Authentication Servers - AP
pmp-0229 (Mar 2013)
Note: Aradial 5.3 has a bug that prevents “remote device login”, which prevents use of the user name and password management features.
Choosing Authentication Mode and Configuring for Authentication Servers - AP
On the AP’s Configuration > Security tab, select the RADIUS AAA Authentication Mode. The following describes the other Authentication Mode options for reference, and then the RADIUS AAA option.
Disabled: Requires no authentication. Any SM (except an SM that itself has been configured to require RADIUS authentication by enabling Enforce Authentication as described below) will be allowed to register to the AP.
Authentication Server: Authentication Server in this instance refers to Wireless Manager in BAM-only mode. Authentication will be required for an SM to register to the AP. Only SMs listed by MAC address in the Wireless Manager database will be allowed to register to the AP.
AP Pre-Shared Key: Canopy offers a pre-shared key authentication option. In this case, an identical key must be entered in the Authentication Key field on the AP’s Configuration > Security tab and in the Authentication Key field on each desired SM’s Configuration > Security tab.
RADIUS AAA: To support RADIUS authentication of SMs, on the AP’s Configuration > Security tab select RADIUS AAA. Only properly configured SMs with a valid certificate will be allowed to register to the AP.
When RADIUS AAA is selected, up to 3 Authentication Server (RADIUS Server) IP addresses and Shared Secrets can be configured. The IP address(es) configured here must match the IP address(es) of the RADIUS server(s). The shared secret(s) configured here must match the shared secret(s) configured in the RADIUS server(s). Servers 2 and 3 are meant for backup and reliability, not for splitting the database. If Server 1 doesn’t respond, Server 2 is tried, and then Server 3. If Server 1 rejects authentication, the SM is denied entry to the network, and the AP does not go on to try the other servers.
The default IP address is 0.0.0.0. The default Shared Secret is “CanopySharedSecret”. The Shared Secret can be up to 32 ASCII characters (no diacritical marks or ligatures, for example).
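The following added example (not from the Canopy guide or its vendor) audits a list of configured RADIUS servers against the limits and defaults stated above, and models the failover order described for Servers 1 to 3. It assumes that a server slot left at 0.0.0.0 is unused and that an SM is not admitted when no server responds; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

DEFAULT_SECRET = "CanopySharedSecret"   # default stated in the guide
UNSET_IP = "0.0.0.0"                    # default IP stated in the guide
MAX_SERVERS, MAX_SECRET_LEN = 3, 32     # limits stated in the guide


def audit_servers(servers):
    """Return findings for (ip, shared_secret) pairs, listed in AP order."""
    findings = []
    if len(servers) > MAX_SERVERS:
        findings.append(f"more than {MAX_SERVERS} servers configured")
    for n, (ip, secret) in enumerate(servers, start=1):
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append(f"server {n}: invalid IPv4 address {ip!r}")
            continue
        if ip == UNSET_IP:
            continue  # assumption: a slot left at the default IP is unused
        if secret == DEFAULT_SECRET:
            findings.append(f"server {n}: default shared secret still set")
        if not secret or len(secret) > MAX_SECRET_LEN:
            findings.append(f"server {n}: secret empty or over {MAX_SECRET_LEN} characters")
        if not secret.isascii():
            findings.append(f"server {n}: secret contains non-ASCII characters")
    return findings


def authenticate(servers, replies):
    """Model the failover order: no reply -> next server; accept/reject is final.

    replies maps a server IP to "accept", "reject" or None (no response).
    """
    for ip, _secret in servers:
        if ip == UNSET_IP:
            continue
        reply = replies.get(ip)
        if reply is not None:
            return reply == "accept", ip
    return False, None  # assumption: no answer from any server means no entry


# Constructed sample configuration (documentation-range addresses).
SAMPLE = [
    ("192.0.2.10", "CanopySharedSecret"),
    ("192.0.2.11", "clé-secrète-radius"),
    ("0.0.0.0", "CanopySharedSecret"),
]
```

A reject from the first responding server ends the attempt, so every configured server needs the same SM database rather than a share of it.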