User's Manual
Wireless Array
236 Configuring the Wireless Array
3. Settings (RADIUS Dynamic Authorization): Some RADIUS servers
have the ability to contact the Array (referred to as an NAS, see below) to
terminate a user with a Disconnect Message (DM). Or RADIUS may send
a Change-of-Authorization (CoA) Message to the Array to change a
user’s privileges due to changing session authorizations. This
implements RFC 5176—Dynamic Authorization Extensions to RADIUS.
a. Timeout (seconds): Define the maximum idle time before the
RADIUS server’s session times out. The default is 600 seconds.
b. DAS Port: RADIUS will use the DAS port on the Array for Dynamic
Authorization Extensions to RADIUS. The default port is 3799.
c. DAS Event-Timestamp: The Event-Timestamp Attribute provides a
form of protection against replay attacks. If you select Required, both
the RADIUS server and the Array will use the Event-Timestamp
Attribute and check that it is current within the DAS Time Window.
If the Event-Timestamp is not current, then the DM or CoA Message
will be silently discarded.
d. DAS Time Window: This is the time window used with the DAS
Event-Timestamp, above.
e. NAS Identifier: From the point of view of a RADIUS server, the
Array is a client, also called a Network Access Server (NAS). Enter
the NAS Identifier (IP address) that the RADIUS servers expect the
Array to use — normally the IP address of the Array’s Gigabit1 port.
4. RADIUS Attribute Formatting Settings: Some RADIUS servers,
especially older versions, expect information to be sent to them in a
legacy format. These settings are provided for the unusual situation that
requires special formatting of specific types of information sent to the
RADIUS server. Most users will not need to change these settings.
a. Called-Station-Id Attribute Format: Define the format of the Called-
Station-Id RADIUS attribute sent from the Array—BSSID:SSID
(default) or BSSID.