User's Manual
Table Of Contents
- Table of Contents
- List of Figures
- Introduction
- Installing the Wireless Array
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Installing Your Wireless Array
- Powering Up the Wireless Array
- Establishing Communication with the Array
- Entering the License
- Performing the Express Setup Procedure
- The Web Management Interface
- Viewing Status on the Wireless Array
- Configuring the Wireless Array
- Express Setup
- Network
- Services
- VLANs
- Tunnels
- Security
- SSIDs
- Groups
- IAPs
- WDS
- Filters
- Clusters
- Using Tools on the Wireless Array
Wireless Array
218 Configuring the Wireless Array
Admin RADIUS
This window allows you to set up authentication of network administrators via
RADIUS. Using RADIUS to control administrator accounts for logging in to
Arrays has these benefits:
Centralized control of administrator accounts.
Less effort — you don't have to set up user names and passwords on each
Array; just enter them once on the RADIUS server and then all of the
Arrays can pull from the RADIUS server.
Enforced policies — you may set password rules (e.g., passwords must
contain at least one number and be at least 12 characters in length), and
you may set expiration times for passwords.
Admin RADIUS settings override any local administrator accounts configured on
the Admin Management window. If you have Admin RADIUS enabled, all
administrator authentication is done via the configured RADIUS servers. The
only exception to this is when you are connected via the Console port (using CLI).
If you are using the Console port, the Array will authenticate administrators
using accounts configured on the Admin Management window first, and then use
the RADIUS servers. This provides a safety net to be ensure that you are not
completely locked out of an Array if the RADIUS server is down.
About Creating Admin Accounts on the RADIUS Server
Permissions for RADIUS administrator accounts
ar
e controlled by the RADIUS
Xirrus-Admin-Role attribute. This is a Vendor Specific Attribute (VSA). To define
the privileges permitted to an administrator account, set the value of its Xirrus-
Admin-Role attribute to the desired Privilege Level Name string, as defined in
“Admin Privileges” on page 216. For more information about the RADIUS VSAs
used by Xirrus, see “RADIUS Vendor Specific Attribute (VSA) for Xirrus” on
page 463.
When configuring administrator accounts on the RADIUS server, you must
observe the same restrictions for length and legal characters as when creating
these accounts on the Array using the Admin Management window: the user
name and password must be between 5 and 50 characters, inclusive.