User guide

454
pmp-0229 (Mar 2013)
Using RADIUS for centralized AP and SM user name and password management
Configuring a RADIUS server
Cambium-Canopy-UserLevel | 26.161.50 | integer | N | 1-Technician, 2-Installer, 3-Administrator | Account > Add User > Level | 0 | 32 bits
ote about VSA
numbering:
26
connotes Vendor Specific Attribute, per RFC
2865
26
.311 is Microsoft Vendor Code, per
IANA
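The following is an added example, not part of the Cambium guide, showing how the 26.161.50 numbering for Cambium-Canopy-UserLevel maps to attribute bytes, so a server's reply can be checked for the privilege level it grants. It assumes the VSA layout that RFC 2865 recommends (vendor type, vendor length, value); the function names and the sample attribute run are constructed for illustration.

```python
import struct

VSA = 26          # Vendor-Specific attribute type, RFC 2865
VENDOR = 161      # middle field of the page's 26.161.50
USER_LEVEL = 50   # vendor type of Cambium-Canopy-UserLevel
LEVELS = {1: "Technician", 2: "Installer", 3: "Administrator"}


def encode_user_level(level):
    """Return the attribute bytes for one of the three levels the page lists."""
    if level not in LEVELS:
        raise ValueError("level must be 1, 2 or 3")
    sub = struct.pack("!BBI", USER_LEVEL, 6, level)       # 32-bit integer value
    return struct.pack("!BBI", VSA, 6 + len(sub), VENDOR) + sub


def _tlvs(buf):
    """Yield (type, value) pairs from a type/length/value run, checking lengths."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]


def decode_user_level(attrs):
    """Return the integer user level found in a RADIUS attribute run, or None."""
    for a_type, body in _tlvs(attrs):
        if a_type != VSA or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != VENDOR:
            continue                                      # another vendor's VSA
        for v_type, value in _tlvs(body[4:]):
            if v_type == USER_LEVEL:
                if len(value) != 4:
                    raise ValueError("UserLevel must be a 32-bit integer")
                return struct.unpack("!I", value)[0]
    return None


# Constructed sample: a Reply-Message (type 18) followed by the UserLevel VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_user_level(3)

if __name__ == "__main__":
    level = decode_user_level(SAMPLE_ATTRS)
    print(level, LEVELS.get(level, "not a level the page lists"))
```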
Using RADIUS for centralized AP and SM user name and password management

AP Technician/Installer/Administrator Authentication
To control technician, installer, and administrator access to the AP from a centralized RADIUS server:
1. Set Authentication Mode on the AP’s Configuration > Security tab to RADIUS AAA
2. Set User Authentication Mode on the AP’s Account > User Authentication tab (the tab only appears after the AP is set to RADIUS authentication) to Remote or Remote then Local.
Local: The local SM is checked for accounts. No centralized RADIUS accounting (access control) is performed.
Remote: Authentication by the centralized RADIUS server is required to gain access to the SM if the SM is registered to an AP that has RADIUS AAA Authentication Mode selected. For up to 2 minutes a test pattern will be displayed until the server responds or times out.
Remote then Local: Authentication using the centralized RADIUS server is attempted. If the server sends a reject message, then the setting of Allow Local Login after Reject from AAA determines if the local user database is checked or not. If the configured servers do not respond within 2 minutes, then the local user database is used. The successful login method is displayed in the navigation column of the SM.
Either the same RADIUS server used for SM authentication can be used for user authentication and accounting (access control), or a separate RADIUS accounting server can be used. Indicate your network design under Authentication Server Settings in the AP’s Security tab.
If separate accounting server(s) are used, configure the IP address(es) and Shared Secret(s) in the Accounting Server fields. The default Shared Secret is “CanopyAcctSecret”. Up to 3 servers can be used for redundancy. Servers 2 and 3 are meant for backup and reliability, not