User guide

pmp-0229 (Mar 2013)
Using RADIUS for centralized AP and SM user name and password management
Configuring a RADIUS server
Access Tracking
To track logon and logoff times on individual radios by technicians, installers, and administrators, on the AP or SM’s Account > User Authentication tab under Accounting (Access Tracking), set Accounting Messages to “deviceAccess”.
Device Access Tracking is enabled separately from User Authentication Mode. A given AP or SM can be configured for both, either, or neither.
RADIUS Attribute Framed-IP-Address
Operators may now use a RADIUS AAA server to assign management IP addressing to SM modules
(framed IP address). SMs now interpret attributes Framed-IP-Address, Framed-IP-Netmask, and
Cambium-Gateway from RADIUS. The RADIUS dictionary file has been updated to include the
Cambium-Gateway attribute and is available on the Cambium Software Support website.
In order for these attributes to be assigned and used by the SM, the following must be true:
• The Canopy system is configured for AAA authentication.
• The SM is not configured for DHCP on its management interface. If DHCP is enabled and these attributes are configured in the RADIUS server, the attributes will be ignored by the SM.
• The SM management interface must be configured to be publicly accessible. If the SM is configured to have local accessibility, the management interface will still be assigned the framed addressing, and the SM will become publicly accessible via the assigned framed IP addressing.
When using these attributes, operators must configure Framed-IP-Address in RADIUS for the SM to implement the addressing. If Framed-IP-Address is not configured but Framed-IP-Netmask and/or Cambium-Gateway is configured, the attributes will be ignored. In the case where only the Framed-IP-Address is configured, Framed-IP-Netmask defaults to 255.255.0.0 (NAT disabled) / 255.255.255.0 (NAT enabled) and Cambium-Gateway defaults to 0.0.0.0.
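
The rules above can be checked before a RADIUS entry is deployed. The following is an added example, not code from this guide or from Cambium: it applies the stated conditions and defaults to one SM's reply attributes and reports what the SM would end up with. The function name, parameter names and sample addresses are hypothetical.

```python
from ipaddress import IPv4Address

FRAMED_ATTRS = ("Framed-IP-Address", "Framed-IP-Netmask", "Cambium-Gateway")

def effective_mgmt_addressing(reply, *, aaa_enabled, dhcp_enabled,
                              nat_enabled, local_access_only=False):
    """Apply the guide's rules to one SM's RADIUS reply attributes.

    Returns (addressing, notes); addressing is None when the SM would
    ignore the attributes. All parameter names are hypothetical.
    """
    notes = []
    present = [a for a in FRAMED_ATTRS if a in reply]
    if not present:
        return None, notes
    if not aaa_enabled:
        return None, ["AAA authentication not configured: attributes not used"]
    if dhcp_enabled:
        return None, ["DHCP enabled on management interface: attributes ignored"]
    if "Framed-IP-Address" not in reply:
        return None, ["Framed-IP-Address missing: %s ignored" % ", ".join(present)]
    # Defaults stated in the guide when only Framed-IP-Address is supplied.
    defaults = {
        "Framed-IP-Netmask": "255.255.255.0" if nat_enabled else "255.255.0.0",
        "Cambium-Gateway": "0.0.0.0",
    }
    addressing = {}
    for attr in FRAMED_ATTRS:
        if attr not in reply:
            notes.append("%s not set: default %s applied" % (attr, defaults[attr]))
        # IPv4Address() raises ValueError on a malformed dotted quad.
        addressing[attr] = str(IPv4Address(reply.get(attr, defaults.get(attr))))
    if local_access_only:
        notes.append("SM set to local accessibility: framed addressing "
                     "makes it publicly accessible")
    return addressing, notes

if __name__ == "__main__":
    # Constructed sample entries (addresses are illustrative only).
    samples = [
        ({"Framed-IP-Address": "10.20.1.5"}, dict(nat_enabled=False)),
        ({"Framed-IP-Netmask": "255.255.255.0"}, dict(nat_enabled=True)),
        ({"Framed-IP-Address": "10.20.1.6", "Cambium-Gateway": "10.20.1.1"},
         dict(nat_enabled=True, local_access_only=True)),
    ]
    for reply, cfg in samples:
        print(effective_mgmt_addressing(reply, aaa_enabled=True,
                                        dhcp_enabled=False, **cfg))
```

The last note is the one worth reviewing for each entry: an SM intended for local-only management becomes publicly reachable once framed addressing is assigned.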