Configuring the External Radius Server | D-Link DWS 3000 guide

B

Configuring the External RADIUS Server

You can store the Valid AP configuration on a local database on the D-Link WLAN Controller Switch or on an external RADIUS server. This appendix describes the attributes you must define for each feature to setup their configuration on the RADIUS server.

One important reason why you might define the AP information on the RADIUS server rather than on the switch is to allow peer switches to obtain the data from a single source rather than having to define it on each switch.

Configuring RADIUS Settings for Access Points

Since the AP is identified by its physical MAC address, you must add a RADIUS entry for each AP with the User-Name attribute set to the MAC address. Table 60 indicates the attributes to configure in the RADIUS server entry for each AP. Add the vendor-specific attributes by using the D-Link vendor ID (6132) and the identifier D-Link-Wireless-AP-* (where “*” represents the attribute name).

NOTE: This appendix does not describe RADIUS configuration for AP network authentication using 802.1x. This feature is separate from a valid AP configuration entry. The edge device that connects to the AP performs the network authentication. The edge device might not be the D-Link WLAN Controller Switch.

Table 60. RADIUS Attributes for the Access Point

	RADIUS Server	Description	Range	Usage
	Attribute	Description	Range	Usage
	Attribute
	User-Name (1)	Ethernet Address of the AP.	Valid Ethernet MAC	Required
			Address

	User-Password (2)	A fixed password used to	8-63 characters, default	Required
		lookup an AP entry.	NOPASSWORD

	Vendor-Specific (26)	A description for the AP,	1-32 characters	Optional
	Location	often based on its location.

Configuring RADIUS Settings for Access Points 179

Image 179

D-Link DWS 3000 user manual Configuring the External Radius Server, Configuring Radius Settings for Access Points

Contents

Copyright 2006. All rights reserved Precaución FCC WarningCE Mark Warning Warnung Table of Contents Installing the D-Link Unified Access System Managing and Maintaining D-Link Access Points Configuring the External Radius Server Technical Support Page List of Tables Page Sample Wlan Visualization List of Figures WPA Personal Configuration Organization Symbol Description ExampleAbout This Document Audience Safety Cautions Safety Instructions Safety Instructions General Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Battery Handling ReminderPage Link Wlan Controller Switch Overview of the D-Link Unified Access SystemLink Unified Access System Components Wlan Visualization Link Access Point Single WCS Deployment Link Unified Access System Topology Single WCS with Layer 2 Roaming Support Peer Switch WCS Deployment Peer WCS with Layer 3 Roaming Support Understanding the User Interfaces Web Interface Layout Using the Web Interface Navigation Menu Interface Configuration Graphic Tools Menu Using the Command-Line InterfaceConfiguration and Monitoring Options Wlan Tabs Using Snmp Tkip AES & Ccmp Wireless System Features and Standards Support CLI Syslog Tftp System Requirements Planning the D-Link Unified Access System Network Wlan Topology Considerations Link Unified Access System Components Wiring Closet Topology Access Point Placement Access Point-to-Switch Discovery Network Planning to Support Layer 3 Roaming Inter-Subnet Roaming Hardware Overview Installing the Hardware Front Panel Components LED Indicators For PoE Mode PowerPoE Mode For Link/Act/Speed Mode Combo SFP Ports Rear Panel DescriptionSide Panels 10GE Port LEDs Installation Guidelines InstallationPackage Contents Installing the Switch in a Rack Installing the Switch without the Rack Power Failure Powering On the SwitchInstalling the SFP ports Inserting the Fiber-Optic Transceivers into the Switch Installing the Optional Module Front Panel of the DEM-410X Install the Module Connecting to the External Redundant Power System Connecting the Switch Connecting the Switch and AP Directly Connecting the Switch to the Network Connecting to the Core Network Connecting the Switch and AP through the L2/L3 Network System Deployment Overview Installing the D-Link Unified Access SystemPage Connecting the Switch to the Network Field Description Enabling the Wlan Features on the Switch AP MAC Validation Disable ReasonAP Authentication IP Address Logging on to the AP Preparing the Access Points Configuring 802.1x Authentication Information on the AP Changing the AP Password Action Command Configuring AP-to-Switch Authentication InformationConfiguring Vlan Information on the Access Point Example 1 L2 Discovery Discovering Access Points and Peer SwitchesUnderstanding the Discovery Methods L2 Discovery Example Example 2 IP Address of AP Configured in the Switch Example 4 Dhcp Option Example 3 IP Address of Switch Configured in the AP Assigning the IP Address to Switches and Managed APs Discovery and Peer Switches Link Wlan Controller Switch with Routing Enabled Link Wlan Controller Switch with Routing Disabled Switch-prompt Interface 0/2#ip address 192.168.1.24 Link Access Point Enabling the AP and Peer Switch Discovery Link Wireless Device Discovery Protocol Configuring IP Addresses of Peers and APs in the Switch IP Address Range L3/IP DiscoveryIP List Setting the Switch IP Address in the D-Link Access Point WLAN-AP#get managed-ap Options Setting the Switch Information in the Dhcp Option Authenticating and Validating Access Points Configuring AP Authentication Requiring AP Authentication Using the Local Database for AP Validation Installing the D-Link Unified Access System Using the Radius Database for AP Validation Set the Radius server as the validation method Managing Failed or Rogue APs AP Profiles, Networks, and the Local Database Configuring Access Point SettingsAccess Point Profiles Networks Local Access Point Database Accounting Configuring AAA and Radius SettingsGlobal Radius Server Secret MAC List Configuring Wireless Radio SettingsMAC Authentication Default Action Radio Settings RTS Threshold StateSuper a Super G Dynamic Turbo Supported RF Scan SentryRate Sets Basic Channel Dtim PeriodBeacon Period Automatic RF Scan Duration Automatic PowerInitial Power Advanced Radio Configuration Managing Virtual Access Point Configuration Configuring Ssid Settings Configuring the Default Network Wireless Network Configuration Configuring Network Settings L3 Tunnel Mask AuthenticationL3 Tunnel Status L3 Tunnel Subnet None Enabling and Configuring Additional VAPsAddress Radius Secret Networks Available to the Wireless Client Configuring a VAP for L3 Tunnels L3 Roaming Example Using No Security Configuring AP Security Static WEP Configuration Using Static or Dynamic WEP Static WEP Field Description WPA Personal Configuration Using WPA/WPA2 Personal or Enterprise Static WPA Field Description Static WPA FieldDescription Configuring Valid Access Point Settings Profile Valid Access Point SummaryManaged Mode Location Password Valid AP Configuration APs operate Page Resetting the Access Points Managing and Maintaining D-Link Access Points Configuring Channel Plan and Power Settings Managing Radio Frequency Settings RF Channel Plan and Power Configuration Interval RF Channel Plan and Power AdjustmentChannel Plan History Depth Channel Plan History Viewing the Channel Plan History Initiating Manual Channel Plan Assignments Manual Power Adjustments Initiating Manual Power Adjustments File Path Upgrading the Access Point SoftwareAP Upgrade Field Description Server Address Managed AP Group Size Success Count Performing Advanced Access Point ManagementStatus Download Count Debug Enabling AP Debugging AP Debug Field Description Adjusting the Channel and Power Power Status Page Monitoring Status and Statistics Monitoring Wireless Global Information Global Wlan Statistics Peer SwitchesTotal Access Managed Access Monitoring Status and Statistics Viewing IP Discovery Status Monitoring Peer Switch Status Monitoring All Access Points Clients Monitoring All Access PointsAuthenticated Firmware Version Managed Access Point Status Monitoring Managed Access Point Status Configuration Viewing Detailed Managed Access Point Status Detailed Managed Access Point Status Viewing Managed Access Point Radio Summary Information Managed AP Radio Detail Viewing Detailed Managed Access Point Radio InformationTransmit Power Managed AP Radio Summary Viewing Managed Access Point Neighbor APs Neighbor AP MAC Viewing Clients Associated with Neighbor Access PointsManaged AP Neighbor Status Ex -802.11g Neighbor Client Viewing Managed Access Point VAPsNeighbor AP Clients Monitoring Managed AP Statistics Managed Access Point Ethernet Summary Statistics Viewing Managed Access Point Ethernet StatisticsViewing Detailed Managed Access Point Statistics Managed Access Point Wlan Summary Statistics Viewing Managed Access Point Radio Statistics Viewing Managed Access Point VAP Statistics Authentication Failed AP Status Viewing Access Point Authentication Failure Status Monitoring Rogue and RF Scan Access Points RF Scan Monitoring Associated Client Information Tunnel IP Address Viewing Associated Client StatusAssociated Client Status Summary Viewing Detailed Associated Client Status Associated Client Neighbor AP Status Viewing Associated Client Ssid StatusViewing Associated Client Neighbor AP Status Viewing Associated Client Statistics Viewing Associated Client VAP Status Transmit Retries Associated Client Association Summary StatisticsAssociated Client Summary Statistics Associated Client Association Detail Statistics Associated Client Session Detail Statistics Viewing Client Authentication Failure StatusTransmit Retries Failed Duplicates Received Failed Client Status Client Authentication Failure Status Association Failure Count Authentication Failure CountMonitoring and Managing Ad Hoc Clients Ad Hoc Client Status Ad Hoc Clients Detection Mode Creating, Configuring, and Managing AP Profiles Configuring Advanced Settings Multiple AP Profiles Adding a Profile Creating, Copying, and Deleting AP Profiles Applying the AP Profile Applying an AP Profile Configuring Global Settings RF Scan Status Enabling Snmp TrapsAP Failure Status Client Failure Snmp Traps Field Description QoS Configuration Configuring QoS Queue QoS SettingsMinimum Contention Maximum Contention Max. Burst Length WMM Mode Txop Limit Page Visualizing the Wireless Network Click Wlan Visualization Download Image Importing and Configuring a Background Image Creating a New Graph Setting Up the Graph Components Importing and Configuring a Background Image on With a graph definition length of 800 feet Multiple Graphs Graphing the Wlan Components Component Tool Tip File Understanding the Menu Bar OptionsWlan Visualization Menu Bar Options Menu Item Description On page 166 shows the difference between the tab view View Help Options Sentry Mode Detailed View Tool Tip for Radio Managed AP Information Component Information Component Attributes Links/CommandsPeer Switch Managing the Graph Other AP Wireless Client Feature Default Link Unified Access System Default SettingsDefault D-Link Wlan Controller Switch Settings Wlan Information Default D-Link Access Point Profile SettingsAP Default AP Profile Settings Link Unified Access System Default Settings Other Settings Virtual Access Point and Network Settings Radius Server Description Range Usage Attribute Configuring the External Radius ServerConfiguring Radius Settings for Access Points Radius Attributes for the Access Point Radius Server Description Range Usage Attribute Creating and Including an Attribute Dictionary FreeRADIUS Server Configuration ExampleConfiguring Radius Clients Vendor Adding Access Points to the Valid AP Database Radius Attributes for Wireless Clients Configuring Radius Settings for Wireless ClientsFreeRADIUS Example for Wireless Client Configuration Configuring Radius for Client MAC Authentication Configuring User-Based Authentication and Dynamic VLANs Configuring MAC Authentication L3 Roaming Example Configuring the Wlan and Tunnel Interfaces Using a Loopback Interface for the Wireless Functions Creating the Vlan Routing Interface Create a Vlan routing interface on Vlan L3 Roaming Example Configuring the L3 Tunnel Network Example of Configuring L3 Roaming by Using the CLI L3 Tunnel Status Description ConfiguredL3 Tunnel Status Values Switch-prompt#wireless ap profile apply Example of Configuring L3 Roaming by Using the Web Interface Configuring the Relay Agent Configuring Dhcp Relay and the Dhcp Server Configure the default router for the address pool Configuring the Dhcp Server L3 Roaming Example Setting the MTU Size Setting the MTU Size Page 802.11e and WMM Standards Support Understanding Quality of ServiceQoS and Load Balancing QoS Queues and Dscp on Packets Coordinating Traffic Flow Edcf Control of Data Frames and Aifs Packet Bursting for Better Performance Random Backoff and Contention Windows 802.1p and Dscp tags Txop Interval for Client Stations Vlan Priority Dscp Value Vlan Priority Tags All countries and regions excluding USA Warranty and Registration Information Warranties Exclusive Software Limited WarrantyHardware Limited Warranty USA Only Limited Warranty USA Only Page Warranty and Registration Information Copyright Statement Link Europe Limited Product WarrantyProduct Registration Trademarks Limitation of Product Warranty Geographical Scope of the Limited Product Warranty Product Type Product Warranty Period Limited Product Warranty PeriodPerformance of the Limited Product Warranty Warrantor Link Europe Limited Produktgarantie Laufzeit der eingeschränkten Garantie Räumlicher Geltungsbereich der eingeschränkten GarantieEinschränkung der Garantie Produkttyp Gewährleistungslaufzeit Leistungsumfang der eingeschränkten GarantieGarantiegeber Etendue géographique de la Garantie Produit Limitée Link Europe a limité la garantie des produits Type de produit Période de Garantie Limitation de la Garantie ProduitPériode de Garantie Produit Limitée Garant Garantía limitada del producto D-LINK EuropaExécution de la Garantie Produit Limitée Limitación de la garantía del producto Cobertura geográfica de la garantía limitada del producto Tipo de producto Período de garantía del Producto Período de la garantía limitada del productoUso de la garantía limitada del producto Garante Link Europe Termini di Garanzia dei Prodotti Periodo di garanzia Ambito geografico della Garanzia limitataLimitazione della Garanzia Londra NW9 5 AB Regno Unito Telefono +44-020-8731-5555 Prestazioni della Garanzia limitataPage Technical Support Technical Support Technical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Tech Support for customers within the Netherlands Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet Teknistä tukea asiakkaille Suomessa Teknisk Support för kunder i Sverige Tech Support for customers within Australia Suporte Técnico Τεχνική Υποστήριξη Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Emailsupport@d-link.co.za Tech Support for Latin America customers Техническая поддержка Asistencia Técnica Suporte Técnico 技术支持友冠技術支援 Europe U. K International Offices Product Model Product Serial No Registration Information Registration Information