User guide
Canopy System User Guide Choosing Authentication Mode and
Configuring for Authentication Servers -
AP
pmp-0229 (Mar 2013)
449
SM - Phase 1 (Outside Identity) parameters and
s
ettin
gs
The protocols supported for the Phase 1 (Outside Identity) phase of authentication
are
eapttls (Extensible Authentication Protocol Tunneled Transport Layer
Security) and
eapMSChapV2
(Extensible Authentication Protocol – Microsoft Challenge-Handshake
Authentication Protocol).
Configure an outer Identity in the Username field. This must match the Phase
1/Outer
Identity
username configured in the RADIUS server. The default Phase 1/Outer
Identity
Username is
“anonymous”. The Username can be up to 128 non-special (no
diacritical
markings)
alphanumeric
characters.
If Realms are being used in the RADIUS system (eapttls only), select
Enable Realm and configure an outer identity in the
Identity
field and a Realm in the Realm field.
These must match the Phase 1/Outer
Identity and
Realm
configured in the RADIUS server. The
default Identity is “anonymous”. The Identity can be
up
to
128 non-special (no diacritical
markings) alphanumeric characters. The default Realm
is
“canopy.net”. The Realm can also be up
to 128 non-special alphanumeric
characters.
SM - Phase 2 (Inside Identity) parameters and
s
ettin
gs
If using eapttls for Phase 1 authentication, select the desired Phase 2 (Inside Identity)
authentication protocol from the Phase 2 options
of
PAP (Password Authentication Protocol),
CHAP (Challenge Handshake
Authentication
Protocol), and MSCHAPv2 (Microsoft’s version
of CHAP). The protocol
must
be
consistent with the authentication protocol configured on the
RADIUS
server.
Enter a Username for the SM. This must match the username configured for
the SM on
the
RADIUS server. The default Username is the SM’s MAC address. The
Username can be up
to
128 non-special (no diacritical markings) alphanumeric
characters.
Enter the desired password for the SM in the Password and Confirm Password fields..
The
Password must match the password configured for the SM on the RADIUS server.
The
default
Password is “password”. The Password can be up to 128 non-special (no
diacritical
markings)
alphanumeric
characters.
Handling Certificates
Managing SM Certificates via the SM GUI
The default public Canopy certificates are loaded into SMs upon factory software installation.
The default certificates are not secure and are intended for
use
during lab and field trials as part
of gaining experience with the RADIUS functionalities or as
an
option during debug. For secure
operation, an operator will want to create or procure their
own
certificates.