System information
Wireless Security Configuration
Configuring RADIUS Client Authentication
Configuring RADIUS Client
Authentication
Remote Authentication Dial-in User Service (RADIUS) is an authentication
protocol that uses software running on a central server to control access to
RADIUS-aware devices on the network. An authentication server contains a
database of user credentials for each user that requires access to the network.
A primary RADIUS server must be specified for the access point to implement
IEEE 802.1X (802.1X) network access control and Wi-Fi Protected Access
(WPA) wireless security. A secondary RADIUS server may also be specified
as a backup should the primary server fail or become inaccessible.
A RADIUS server can also be configured to provide MAC address authentica-
tion of wireless clients. If required, the access point can support both MAC
address and 802.1X authentication using a RADIUS server. However, config-
uring RADIUS MAC address authentication with WPA security is not
supported. For more information, see “Web: Configuring MAC Address
Authentication” on page 7-32.
No t e This configuration guide assumes that you have already configured the
RADIUS server(s) to support the access point. The configuration of RADIUS
server software is beyond the scope of this guide, refer to the documentation
provided with the RADIUS server software.
Dynamic VLAN Assignment. A VLAN ID (a number between 1 and 4094)
can be assigned to each client after successful authentication using
IEEE 802.1X and a central RADIUS server. The user VLAN IDs must be
configured on the RADIUS server for each user authorized to access the
network. If a user does not have a configured VLAN ID, the access point
assigns the user to the default VLAN ID of the associated SSID interface. For
more information on the access point’s VLAN support, see “Configuring VLAN
Support” on page 5-62.
7-25