Motorola T3 Power Broadband Radius network authenticated login, Authenticating Clients using

Page 32

RADIUS network authenticated login

RADIUS network authenticated login

RADIUS server configurations apply to administrative access accounts and client 802.1X authentication. RADIUS access-requests are supported, but RADIUS accounting messages are not. Up to five RADIUS servers can be added. The default RADIUS port 1812 is used and is not configurable.

Authenticating Administrative Access

RADIUS network authenticated logins allows the administrators to easily change all passwords by changing the password on the RADIUS server, simplifying management of a large network with multiple users.

To use RADIUS network authentication, you will need a properly configured RADIUS server (free RADIUS servers are available for Linux operating systems or fee-based server products are available on UNIX and Microsoft NOS).

RADIUS authenticated logins only support the “admin” user account privileges with the following exceptions:

The RADIUS account cannot disable RADIUS login support

The RADIUS account cannot change the built-in “Admin” password

Note: The “admin” account name is not reserved. You may create an “admin” account on the RADIUS server. If so, the T3 will first check the password against the local “admin” account password before trying the RADIUS server. Unless there is a special reason to do so, we recommend not using an “admin” account on the RADIUS server

Authenticating Clients using 802.1X

To use RADIUS authentication, the server must support 802.1X protocol and a supported EAP type. Supported EAP types are TLS, TTLS, and PEAPv0 (also known simply as PEAP)

Configure the RADIUS Server

To create a RADIUS server configuration from the CLI, use the following command:

radius server config <1-5(index)><ip-address #.#.#.#> <shared-secret string> <timeout 1-10> <retries 1-120>

Options

Index

ip-address

shared-secret

Timeout

Retries

Description

5 RADIUS servers can be added. Authentication will be performed starting with the server in index 1

IP address of the RADIUS server

This is the password used by the RADIUS server to authentication the Access-Request packets from the Tut OS

Number of seconds to wait after sending an Access-Request packet before sending another request or trying another server. Practical timeout value is 5 seconds.

Number of retries before giving up and trying a different server. A practical entry for retries is 2 to 3.

Motorola, Inc.

570510-001-00 rev A

Page 32 of 50

 

 

 

Image 32
Contents T3 PowerBroadband Page Regulatory Statements Model Number45225 Frequency of Operation FCC and ICRF Exposure Guidelines InternationalRadio Frequency Interference Requirements- FCC Marking and European Economic Area EEAT2-2500 and T3 Switch M2 WallPlateWaste Electrical and Electronic Equipment Weee Commands and Syntax Quality of Service QoS Commands and Syntax Command HierarchyAdministrative Commands Show CommandsStyle Conventions Global CommandsCommand Completion Interface Range T3 PowerBroadband Switch Adaptive Line PowerSystem Description M2 Ethernet WallPlateM2 Ethernet WallPlate Physical MC-802 Wireless WallPlateFeatures of the MC-802 802.11b/g radio Physical Radio Hardware Model Numbers and DescriptionModel Numbers and Description for related Products Model Number Part Number DescriptionFront View Rear ViewCross-Connect Connections Mounting OptionsM2 2 port Ethernet WallPlate LED Status LightsPage System Administration Management AccessCLI Configuration Script files Access MethodsConfiguration Files using the webUI File dirHttp Menus Wireless WallPlate Firmware Reboot the Wireless WallPlate to activate the new softwareUpgrading the Firmware T3 FirmwareLine Quality View System Configuration and Status Summary Startup RunningCommit mode Reset to Default ConfigurationOther Configuration Help System config mode automanualmodeManaging the Wireless WallPlates WallPlate Inventory and Firmware ImageShow remote inventory Show remote imageIP Addresses Private IP addressPublic IP address Static IP address poolConfiguring a Wlan Global Radio CommandsExpanded Statistics and Status Per-WLAN CommandsMonitor the WLANs and radios Access Control Lists ACLs Ip access-list config 1 deny httpRadius network authenticated login Authenticating Administrative AccessAuthenticating Clients using Configure the Radius ServerWallPlate Installation Basic ConfigurationTools Required Components provided with the MC-802 WallPlateComponents required to purchase StepEnable line power Determine which port is being installedFinish the installation Enable line powerVlan Specification 802.1Q VLANsVlan terminology Tagged UntaggedVlan commands Tag-based Vlan Mode Port-based Vlan ModeWeb UI configuration Vlan General webUITag-based Vlan webUI Create/Delete VLANsSet Vlan Egress Rules Set Vlan Ingress RulesPort-based Vlan webUI Quality of Service QoS QoS commands and conceptsNetwork qos interface queue interface-id mode mode Queue Dynamic packet classification802.1P bit Commands QoS ExamplePacket Classification Packet transmissionLine Status Line Current Line Current Value Watts ReferenceAppendix a Pin-out Assignments Fast Ethernet WallPlate portsM2 WallPlate Appendix B Hardware SpecificationsT3 PowerBroadband MC-802 Wireless WallPlate