Manuals / D-Link / Computer Equipment / Network Router

D-Link DWS 3000 user manual FreeRADIUS Server Configuration Example, Configuring Radius Clients

Models: DWS 3000

1 262

Download 262 pages 22.11 Kb

Page 181

Configuring the External RADIUS Server

FreeRADIUS Server Configuration Example

FreeRADIUS is an open source RADIUS server that you can download free from http://www.freeradius.org. The example in this section describes the files you need to configure in order to authenticate the D-Link WLAN Controller Switch and the D-Link Access Point with the RADIUS server and to configure the Valid AP settings in the RADIUS database.

Configuring RADIUS Clients

If you require the D-Link WLAN Controller Switch or D-Link Access Points to authenticate themselves with the RADIUS server, you must configure client entries for the devices in the RADIUS server’s etc/raddb/clients.conf file.

The entry contains the IP address of the client, the shared secret, and a nickname (or DNS name) for the device.

The following entry in the clients.conf file is for a switch with the following information:

•IP address: 192.168.30.249

•Subnet mask: 255.255.255.0

•Shared secret: wireless

•DNS name: wireless-sw1

The following code shows the format of the client entry in the clients.conf file:

client 192.168.30.249/24 {

secret = wireless shortname = wireless-sw1

}

Creating and Including an Attribute Dictionary

You configure attributes in an attribute dictionary so that you can assign the attributes and values to an access point when you configure it in the Valid AP database on the RADIUS server. For example, to assign a location to an access point, the attribute you define has the following format:

ATTRIBUTE

D-Link-Wireless-AP-Location

101

string D-Link

The fields in the attribute are as follows:

•Attribute—type of entry

•D-Link-Wireless-AP-Location—name of the attribute

•101—ID number assigned to the attribute; you must use this number when you configure the location attribute

•string—type of data for the attribute

•D-Link—vendor-specific name for the attribute

The following VALUE field defines one of the of values you can assign to an AP for the AP Mode.

VALUE D-Link-Wireless-AP-Mode

WS-Managed

1

FreeRADIUS Server Configuration Example 181

Image 181

D-Link DWS 3000 user manual FreeRADIUS Server Configuration Example, Configuring Radius Clients

Contents

Copyright 2006. All rights reserved CE Mark Warning FCC WarningWarnung PrecauciónTable of Contents Installing the D-Link Unified Access System Managing and Maintaining D-Link Access Points Configuring the External Radius Server Technical Support Page List of Tables Page Sample Wlan Visualization List of FiguresWPA Personal Configuration About This Document Symbol Description ExampleAudience OrganizationSafety Cautions Safety InstructionsSafety Instructions General Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Battery Handling ReminderPage Link Unified Access System Components Overview of the D-Link Unified Access SystemLink Wlan Controller Switch Wlan Visualization Link Access PointSingle WCS Deployment Link Unified Access System TopologySingle WCS with Layer 2 Roaming Support Peer Switch WCS DeploymentPeer WCS with Layer 3 Roaming Support Understanding the User InterfacesWeb Interface Layout Using the Web InterfaceNavigation Menu Interface Configuration GraphicConfiguration and Monitoring Options Using the Command-Line InterfaceWlan Tabs Tools MenuUsing Snmp Tkip AES & Ccmp Wireless System Features and Standards SupportCLI Syslog Tftp System Requirements Planning the D-Link Unified Access System NetworkWlan Topology Considerations Link Unified Access System ComponentsWiring Closet Topology Access Point Placement Access Point-to-Switch DiscoveryNetwork Planning to Support Layer 3 Roaming Inter-Subnet Roaming Hardware Overview Installing the HardwareFront Panel Components LED IndicatorsPoE Mode PowerFor Link/Act/Speed Mode For PoE ModeSide Panels Rear Panel Description10GE Port LEDs Combo SFP PortsPackage Contents InstallationInstallation Guidelines Installing the Switch in a Rack Installing the Switch without the RackInstalling the SFP ports Powering On the SwitchPower Failure Inserting the Fiber-Optic Transceivers into the Switch Installing the Optional ModuleFront Panel of the DEM-410X Install the ModuleConnecting to the External Redundant Power System Connecting the SwitchConnecting the Switch and AP Directly Connecting the Switch to the NetworkConnecting to the Core Network Connecting the Switch and AP through the L2/L3 NetworkSystem Deployment Overview Installing the D-Link Unified Access SystemPage Connecting the Switch to the Network Field Description Enabling the Wlan Features on the SwitchAP Authentication Disable ReasonIP Address AP MAC ValidationLogging on to the AP Preparing the Access PointsConfiguring 802.1x Authentication Information on the AP Changing the AP PasswordConfiguring Vlan Information on the Access Point Configuring AP-to-Switch Authentication InformationAction Command Understanding the Discovery Methods Discovering Access Points and Peer SwitchesExample 1 L2 Discovery L2 Discovery Example Example 2 IP Address of AP Configured in the SwitchExample 4 Dhcp Option Example 3 IP Address of Switch Configured in the APAssigning the IP Address to Switches and Managed APs Discovery and Peer SwitchesLink Wlan Controller Switch with Routing Enabled Link Wlan Controller Switch with Routing DisabledSwitch-prompt Interface 0/2#ip address 192.168.1.24 Link Access Point Enabling the AP and Peer Switch DiscoveryLink Wireless Device Discovery Protocol Configuring IP Addresses of Peers and APs in the Switch IP List L3/IP DiscoveryIP Address Range Setting the Switch IP Address in the D-Link Access Point WLAN-AP#get managed-ap Options Setting the Switch Information in the Dhcp OptionAuthenticating and Validating Access Points Configuring AP Authentication Requiring AP Authentication Using the Local Database for AP ValidationInstalling the D-Link Unified Access System Using the Radius Database for AP Validation Set the Radius server as the validation method Managing Failed or Rogue APs Access Point Profiles Configuring Access Point SettingsAP Profiles, Networks, and the Local Database Networks Local Access Point DatabaseGlobal Radius Server Configuring AAA and Radius SettingsSecret AccountingMAC Authentication Configuring Wireless Radio SettingsDefault Action MAC ListRadio Settings Super a Super G StateDynamic Turbo RTS ThresholdRate Sets RF Scan SentryBasic SupportedBeacon Period Dtim PeriodAutomatic ChannelInitial Power Automatic PowerAdvanced Radio Configuration RF Scan DurationManaging Virtual Access Point Configuration Configuring Ssid SettingsConfiguring the Default Network Wireless Network Configuration Configuring Network SettingsL3 Tunnel Status AuthenticationL3 Tunnel Subnet L3 Tunnel MaskAddress Enabling and Configuring Additional VAPsRadius Secret NoneNetworks Available to the Wireless Client Configuring a VAP for L3 TunnelsL3 Roaming Example Using No Security Configuring AP SecurityStatic WEP Configuration Using Static or Dynamic WEPStatic WEP Field Description WPA Personal Configuration Using WPA/WPA2 Personal or EnterpriseStatic WPA Field Description Static WPA FieldDescription Configuring Valid Access Point SettingsManaged Mode Valid Access Point SummaryLocation ProfilePassword Valid AP ConfigurationAPs operate Page Resetting the Access Points Managing and Maintaining D-Link Access PointsConfiguring Channel Plan and Power Settings Managing Radio Frequency SettingsRF Channel Plan and Power Configuration Channel Plan RF Channel Plan and Power AdjustmentHistory Depth IntervalChannel Plan History Viewing the Channel Plan HistoryInitiating Manual Channel Plan Assignments Manual Power Adjustments Initiating Manual Power AdjustmentsAP Upgrade Field Description Upgrading the Access Point SoftwareServer Address File PathManaged AP Group SizeStatus Performing Advanced Access Point ManagementDownload Count Success CountDebug Enabling AP DebuggingAP Debug Field Description Adjusting the Channel and PowerPower Status Page Monitoring Status and Statistics Monitoring Wireless Global InformationTotal Access Peer SwitchesManaged Access Global Wlan StatisticsMonitoring Status and Statistics Viewing IP Discovery Status Monitoring Peer Switch StatusMonitoring All Access Points Authenticated Monitoring All Access PointsFirmware Version ClientsManaged Access Point Status Monitoring Managed Access Point StatusConfiguration Viewing Detailed Managed Access Point StatusDetailed Managed Access Point Status Viewing Managed Access Point Radio Summary Information Transmit Power Viewing Detailed Managed Access Point Radio InformationManaged AP Radio Summary Managed AP Radio DetailViewing Managed Access Point Neighbor APs Managed AP Neighbor Status Viewing Clients Associated with Neighbor Access PointsEx -802.11g Neighbor AP MACNeighbor AP Clients Viewing Managed Access Point VAPsNeighbor Client Monitoring Managed AP Statistics Viewing Detailed Managed Access Point Statistics Viewing Managed Access Point Ethernet StatisticsManaged Access Point Wlan Summary Statistics Managed Access Point Ethernet Summary StatisticsViewing Managed Access Point Radio Statistics Viewing Managed Access Point VAP Statistics Authentication Failed AP Status Viewing Access Point Authentication Failure StatusMonitoring Rogue and RF Scan Access Points RF Scan Monitoring Associated Client Information Associated Client Status Summary Viewing Associated Client StatusTunnel IP Address Viewing Detailed Associated Client Status Viewing Associated Client Neighbor AP Status Viewing Associated Client Ssid StatusAssociated Client Neighbor AP Status Viewing Associated Client Statistics Viewing Associated Client VAP StatusAssociated Client Summary Statistics Associated Client Association Summary StatisticsAssociated Client Association Detail Statistics Transmit RetriesTransmit Retries Failed Viewing Client Authentication Failure StatusDuplicates Received Associated Client Session Detail StatisticsFailed Client Status Client Authentication Failure StatusMonitoring and Managing Ad Hoc Clients Authentication Failure CountAssociation Failure Count Ad Hoc Client Status Ad Hoc ClientsDetection Mode Creating, Configuring, and Managing AP Profiles Configuring Advanced SettingsMultiple AP Profiles Adding a Profile Creating, Copying, and Deleting AP ProfilesApplying the AP Profile Applying an AP ProfileConfiguring Global Settings AP Failure Status Enabling Snmp TrapsClient Failure RF Scan StatusSnmp Traps Field Description QoS Configuration Configuring QoSMinimum Contention QoS SettingsMaximum Contention QueueMax. Burst Length WMM ModeTxop Limit Page Visualizing the Wireless Network Click Wlan Visualization Download Image Importing and Configuring a Background ImageCreating a New Graph Setting Up the Graph ComponentsImporting and Configuring a Background Image on With a graph definition length of 800 feet Multiple Graphs Graphing the Wlan ComponentsComponent Tool Tip Wlan Visualization Menu Bar Options Understanding the Menu Bar OptionsMenu Item Description FileOn page 166 shows the difference between the tab view ViewHelp OptionsSentry Mode Detailed View Tool Tip for Radio Managed AP Information Peer Switch Component Attributes Links/CommandsManaging the Graph Component InformationOther AP Wireless ClientDefault D-Link Wlan Controller Switch Settings Link Unified Access System Default SettingsFeature Default AP Default AP Profile Settings Default D-Link Access Point Profile SettingsWlan Information Link Unified Access System Default Settings Other Settings Virtual Access Point and Network SettingsConfiguring Radius Settings for Access Points Configuring the External Radius ServerRadius Attributes for the Access Point Radius Server Description Range Usage AttributeRadius Server Description Range Usage Attribute Configuring Radius Clients FreeRADIUS Server Configuration ExampleCreating and Including an Attribute Dictionary Vendor Adding Access Points to the Valid AP Database FreeRADIUS Example for Wireless Client Configuration Configuring Radius Settings for Wireless ClientsConfiguring Radius for Client MAC Authentication Radius Attributes for Wireless ClientsConfiguring User-Based Authentication and Dynamic VLANs Configuring MAC Authentication L3 Roaming Example Configuring the Wlan and Tunnel InterfacesUsing a Loopback Interface for the Wireless Functions Creating the Vlan Routing Interface Create a Vlan routing interface on Vlan L3 Roaming Example Configuring the L3 Tunnel Network Example of Configuring L3 Roaming by Using the CLI L3 Tunnel Status Values ConfiguredL3 Tunnel Status Description Switch-prompt#wireless ap profile apply Example of Configuring L3 Roaming by Using the Web Interface Configuring the Relay Agent Configuring Dhcp Relay and the Dhcp ServerConfigure the default router for the address pool Configuring the Dhcp ServerL3 Roaming Example Setting the MTU Size Setting the MTU Size Page QoS and Load Balancing Understanding Quality of Service802.11e and WMM Standards Support QoS Queues and Dscp on Packets Coordinating Traffic FlowEdcf Control of Data Frames and Aifs Packet Bursting for Better Performance Random Backoff and Contention Windows802.1p and Dscp tags Txop Interval for Client StationsVlan Priority Dscp Value Vlan Priority TagsAll countries and regions excluding USA Warranty and Registration InformationWarranties Exclusive Hardware Limited WarrantySoftware Limited Warranty USA Only Limited Warranty USA Only Page Warranty and Registration Information Product Registration Link Europe Limited Product WarrantyTrademarks Copyright StatementLimitation of Product Warranty Geographical Scope of the Limited Product WarrantyPerformance of the Limited Product Warranty Limited Product Warranty PeriodProduct Type Product Warranty Period Warrantor Link Europe Limited ProduktgarantieEinschränkung der Garantie Räumlicher Geltungsbereich der eingeschränkten GarantieLaufzeit der eingeschränkten Garantie Garantiegeber Leistungsumfang der eingeschränkten GarantieProdukttyp Gewährleistungslaufzeit Etendue géographique de la Garantie Produit Limitée Link Europe a limité la garantie des produitsPériode de Garantie Produit Limitée Limitation de la Garantie ProduitType de produit Période de Garantie Exécution de la Garantie Produit Limitée Garantía limitada del producto D-LINK EuropaGarant Limitación de la garantía del producto Cobertura geográfica de la garantía limitada del productoUso de la garantía limitada del producto Período de la garantía limitada del productoTipo de producto Período de garantía del Producto Garante Link Europe Termini di Garanzia dei ProdottiLimitazione della Garanzia Ambito geografico della Garanzia limitataPeriodo di garanzia Londra NW9 5 AB Regno Unito Telefono +44-020-8731-5555 Prestazioni della Garanzia limitataPage Technical Support Technical SupportTechnical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Tech Support for customers within the Netherlands Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet Teknistä tukea asiakkaille Suomessa Teknisk Support för kunder i Sverige Tech Support for customers within Australia Suporte Técnico Τεχνική Υποστήριξη Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Emailsupport@d-link.co.za Tech Support for Latin America customers Техническая поддержка Asistencia Técnica Suporte Técnico 技术支持友冠技術支援 Europe U. K International OfficesProduct Model Product Serial No Registration InformationRegistration Information