Access Point User Guide
Table Of Contents
- Introduction
- Installation and Initialization
- System Status
- Advanced Configuration
- System
- Network
- Interfaces
- Management
- Filtering
- Alarms
- Bridge
- QoS
- Radius Profiles
- SSID/VLAN/Security
- Monitoring
- Commands
- Troubleshooting
- Command Line Interface (CLI)
- General Notes
- Command Line Interface (CLI) Variations
- CLI Command Types
- Using Tables and Strings
- Configuring the AP using CLI commands
- Set Basic Configuration Parameters using CLI Commands
- Set System Name, Location and Contact Information
- Set Static IP Address for the AP
- Change Passwords
- Set Network Names for the Wireless Interface
- Enable 802.11d Support and Set the Country Code
- Enable and Configure TX Power Control for the Wireless Interface(s)
- Configure SSIDs (Network Names), VLANs, and Profiles
- Download an AP Configuration File from your TFTP Server
- Backup your AP Configuration File
- Set up Auto Configuration
- Other Network Settings
- Configure the AP as a DHCP Server
- Configure the DNS Client
- Configure DHCP Relay
- Configure DHCP Relay Servers
- Maintain Client Connections using Link Integrity
- Change your Wireless Interface Settings
- Set Ethernet Speed and Transmission Mode
- Set Interface Management Services
- Configure Syslog
- Configure Intra BSS
- Configure Wireless Distribution System
- Configure MAC Access Control
- Set RADIUS Parameters
- Set Rogue Scan Parameters
- Set Hardware Configuration Reset Parameters
- Set VLAN/SSID Parameters
- Set Security Profile Parameters
- CLI Monitoring Parameters
- Parameter Tables
- CLI Batch File
- ASCII Character Chart
- Specifications
- Technical Support
- Statement of Warranty
- Regulatory Compliance
Advanced Configuration AP-4000 Series User Guide
Radius Profiles
110
• Destination Port: Enter the port number which the AP and the server will use to communicate. By default,
RADIUS servers communicate on port 1812.
• Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be
grayed out.
• Shared Secret and Confirm Shared Secret: Enter the password shared by the RADIUS server and the AP. The
same password must also be configured on the RADIUS server. The default password is “public.”
• Response Time (seconds): Enter the maximum time, in seconds, that the AP should wait for the RADIUS server
to respond to a request. The range is 1-10 seconds; the default is 3 seconds.
• Maximum Retransmissions (0-4): Enter the maximum number of times an authentication request may be
transmitted. The range is 0 to 4, the default is 3.
• Server Status: Select Enable from the drop-down box to enable the RADIUS Server Profile.
3. Click OK.
4. Select the Profile and click Edit to configure the Secondary RADIUS Server, if required.
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list
of MAC addresses on the RADIUS server rather than configure each AP individually. You can define a RADIUS Profile
that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized
stations that may access the wireless network. You must specify information for at least the primary RADIUS server. The
back-up RADIUS server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication.
MAC access control can be separately enabled for each VLAN.
NOTE: Contact your RADIUS server manufacturer if you have problems configuring the server or have problems using
RADIUS authentication.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for 802.1x authentication.
802.1x authentication (“EAP authentication”) can be separately enabled for each VLAN.
RADIUS Accounting
Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by
sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS
accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session
ends, an “Accounting Stop” request is sent to the RADIUS server.
NOTE: Each VLAN can be configured to use a separate RADIUS accounting server (and backup accounting server).
Session Length
Accounting sessions continue when a client reauthenticates to the same AP. Sessions are terminated when:
• A client disassociates.
• A client does not transmit any data to the AP for a fixed amount of time.
• A client is detected on a different interface.
• Idle-Timeout or Session-Timeout attributes are configured in the Radius server.
If the client roams from one AP to another, one session is terminated and a new session is begun.