User guide
Canopy System User Guide Using RADIUS for centralized AP and SM
user name and password management
pmp-0229 (Mar 2013)
455
splitting the database. If Server 1 doesn’t respond, Server 2 is tried, and then server 3.
If
Server
1 rejects
authentication, Server 2 is not
tried.
Figure 155 User Authentication tab of the AP
SM – Technician/Installer/Administrator
Authenti
c
ation
To control technician, installer, and administrator access to the SM from a centralized
RADIUS
server:
1
Set Authentication Mode on the AP’s Configuration > Security tab to RADIUS
AAA
(RADIUS)
2
Set User Authentication Mode on the AP’s Account > User
Authentication
tab (the tab only appears
after the AP is set to AAA authentication) to Remote or Remote then
Local
.
3
Set User Authentication Mode on the SM’s Account > User Authentication tab to Remote or
Remote then Local.
•
Local: The local SM is checked for accounts. No centralized
RADIUS
accounting (access control)
is
performed.
•
Remote: Authentication by the centralized RADIUS server
is
required to gain access to the
SM if the SM is registered to an
AP
that has RADIUS AAA Authentication Mode selected.
For up to
2
minutes a test pattern will be displayed until the server responds
or
times
out.
•
Remote then Local: Authentication using the centralized
RADIUS
server is attempted. If the
server sends a reject message, then
the
setting of Allow Local Login after Reject from AAA
determines
if
the local user database is checked or not. If the configured
servers
do
not respond
within 2 minutes, then the local user database
is
used. The successful login method is displayed
in the
navigation
column of the SM.
Note, remote access control is enabled only after the SM registers to an AP that
has
Authentication
Mode set to RADIUS AAA. Local access control will always be
used
before registration and will be
used after registration if the AP is not configured
for
RADIUS.