FreeRADIUS Server Configuration Example | D-Link DWS 3000 instruction

Configuring the External RADIUS Server

FreeRADIUS Server Configuration Example

FreeRADIUS is an open source RADIUS server that you can download free from http://www.freeradius.org. The example in this section describes the files you need to configure in order to authenticate the D-Link WLAN Controller Switch and the D-Link Access Point with the RADIUS server and to configure the Valid AP settings in the RADIUS database.

Configuring RADIUS Clients

If you require the D-Link WLAN Controller Switch or D-Link Access Points to authenticate themselves with the RADIUS server, you must configure client entries for the devices in the RADIUS server’s etc/raddb/clients.conf file.

The entry contains the IP address of the client, the shared secret, and a nickname (or DNS name) for the device.

The following entry in the clients.conf file is for a switch with the following information:

•IP address: 192.168.30.249

•Subnet mask: 255.255.255.0

•Shared secret: wireless

•DNS name: wireless-sw1

The following code shows the format of the client entry in the clients.conf file:

client 192.168.30.249/24 {

secret = wireless shortname = wireless-sw1

}

Creating and Including an Attribute Dictionary

You configure attributes in an attribute dictionary so that you can assign the attributes and values to an access point when you configure it in the Valid AP database on the RADIUS server. For example, to assign a location to an access point, the attribute you define has the following format:

ATTRIBUTE

D-Link-Wireless-AP-Location

101

string D-Link

The fields in the attribute are as follows:

•Attribute—type of entry

•D-Link-Wireless-AP-Location—name of the attribute

•101—ID number assigned to the attribute; you must use this number when you configure the location attribute

•string—type of data for the attribute

•D-Link—vendor-specific name for the attribute

The following VALUE field defines one of the of values you can assign to an AP for the AP Mode.

VALUE D-Link-Wireless-AP-Mode

WS-Managed

1

FreeRADIUS Server Configuration Example 181

Image 181

D-Link DWS 3000 user manual FreeRADIUS Server Configuration Example, Configuring Radius Clients

Contents

Copyright 2006. All rights reserved CE Mark Warning FCC WarningWarnung Precaución Table of Contents Installing the D-Link Unified Access System Managing and Maintaining D-Link Access Points Configuring the External Radius Server Technical Support Page List of Tables Page Sample Wlan Visualization List of Figures WPA Personal Configuration About This Document Symbol Description ExampleAudience Organization Safety Cautions Safety Instructions Safety Instructions General Precautions for Rack-Mountable Products Protecting Against Electrostatic Discharge Battery Handling ReminderPage Link Unified Access System Components Overview of the D-Link Unified Access SystemLink Wlan Controller Switch Wlan Visualization Link Access Point Single WCS Deployment Link Unified Access System Topology Single WCS with Layer 2 Roaming Support Peer Switch WCS Deployment Peer WCS with Layer 3 Roaming Support Understanding the User Interfaces Web Interface Layout Using the Web Interface Navigation Menu Interface Configuration Graphic Configuration and Monitoring Options Using the Command-Line InterfaceWlan Tabs Tools Menu Using Snmp Tkip AES & Ccmp Wireless System Features and Standards Support CLI Syslog Tftp System Requirements Planning the D-Link Unified Access System Network Wlan Topology Considerations Link Unified Access System Components Wiring Closet Topology Access Point Placement Access Point-to-Switch Discovery Network Planning to Support Layer 3 Roaming Inter-Subnet Roaming Hardware Overview Installing the Hardware Front Panel Components LED Indicators PoE Mode PowerFor Link/Act/Speed Mode For PoE Mode Side Panels Rear Panel Description10GE Port LEDs Combo SFP Ports Package Contents InstallationInstallation Guidelines Installing the Switch in a Rack Installing the Switch without the Rack Installing the SFP ports Powering On the SwitchPower Failure Inserting the Fiber-Optic Transceivers into the Switch Installing the Optional Module Front Panel of the DEM-410X Install the Module Connecting to the External Redundant Power System Connecting the Switch Connecting the Switch and AP Directly Connecting the Switch to the Network Connecting to the Core Network Connecting the Switch and AP through the L2/L3 Network System Deployment Overview Installing the D-Link Unified Access SystemPage Connecting the Switch to the Network Field Description Enabling the Wlan Features on the Switch AP Authentication Disable ReasonIP Address AP MAC Validation Logging on to the AP Preparing the Access Points Configuring 802.1x Authentication Information on the AP Changing the AP Password Configuring Vlan Information on the Access Point Configuring AP-to-Switch Authentication InformationAction Command Understanding the Discovery Methods Discovering Access Points and Peer SwitchesExample 1 L2 Discovery L2 Discovery Example Example 2 IP Address of AP Configured in the Switch Example 4 Dhcp Option Example 3 IP Address of Switch Configured in the AP Assigning the IP Address to Switches and Managed APs Discovery and Peer Switches Link Wlan Controller Switch with Routing Enabled Link Wlan Controller Switch with Routing Disabled Switch-prompt Interface 0/2#ip address 192.168.1.24 Link Access Point Enabling the AP and Peer Switch Discovery Link Wireless Device Discovery Protocol Configuring IP Addresses of Peers and APs in the Switch IP List L3/IP DiscoveryIP Address Range Setting the Switch IP Address in the D-Link Access Point WLAN-AP#get managed-ap Options Setting the Switch Information in the Dhcp Option Authenticating and Validating Access Points Configuring AP Authentication Requiring AP Authentication Using the Local Database for AP Validation Installing the D-Link Unified Access System Using the Radius Database for AP Validation Set the Radius server as the validation method Managing Failed or Rogue APs Access Point Profiles Configuring Access Point SettingsAP Profiles, Networks, and the Local Database Networks Local Access Point Database Global Radius Server Configuring AAA and Radius SettingsSecret Accounting MAC Authentication Configuring Wireless Radio SettingsDefault Action MAC List Radio Settings Super a Super G StateDynamic Turbo RTS Threshold Rate Sets RF Scan SentryBasic Supported Beacon Period Dtim PeriodAutomatic Channel Initial Power Automatic PowerAdvanced Radio Configuration RF Scan Duration Managing Virtual Access Point Configuration Configuring Ssid Settings Configuring the Default Network Wireless Network Configuration Configuring Network Settings L3 Tunnel Status AuthenticationL3 Tunnel Subnet L3 Tunnel Mask Address Enabling and Configuring Additional VAPsRadius Secret None Networks Available to the Wireless Client Configuring a VAP for L3 Tunnels L3 Roaming Example Using No Security Configuring AP Security Static WEP Configuration Using Static or Dynamic WEP Static WEP Field Description WPA Personal Configuration Using WPA/WPA2 Personal or Enterprise Static WPA Field Description Static WPA FieldDescription Configuring Valid Access Point Settings Managed Mode Valid Access Point SummaryLocation Profile Password Valid AP Configuration APs operate Page Resetting the Access Points Managing and Maintaining D-Link Access Points Configuring Channel Plan and Power Settings Managing Radio Frequency Settings RF Channel Plan and Power Configuration Channel Plan RF Channel Plan and Power AdjustmentHistory Depth Interval Channel Plan History Viewing the Channel Plan History Initiating Manual Channel Plan Assignments Manual Power Adjustments Initiating Manual Power Adjustments AP Upgrade Field Description Upgrading the Access Point SoftwareServer Address File Path Managed AP Group Size Status Performing Advanced Access Point ManagementDownload Count Success Count Debug Enabling AP Debugging AP Debug Field Description Adjusting the Channel and Power Power Status Page Monitoring Status and Statistics Monitoring Wireless Global Information Total Access Peer SwitchesManaged Access Global Wlan Statistics Monitoring Status and Statistics Viewing IP Discovery Status Monitoring Peer Switch Status Monitoring All Access Points Authenticated Monitoring All Access PointsFirmware Version Clients Managed Access Point Status Monitoring Managed Access Point Status Configuration Viewing Detailed Managed Access Point Status Detailed Managed Access Point Status Viewing Managed Access Point Radio Summary Information Transmit Power Viewing Detailed Managed Access Point Radio InformationManaged AP Radio Summary Managed AP Radio Detail Viewing Managed Access Point Neighbor APs Managed AP Neighbor Status Viewing Clients Associated with Neighbor Access PointsEx -802.11g Neighbor AP MAC Neighbor AP Clients Viewing Managed Access Point VAPsNeighbor Client Monitoring Managed AP Statistics Viewing Detailed Managed Access Point Statistics Viewing Managed Access Point Ethernet StatisticsManaged Access Point Wlan Summary Statistics Managed Access Point Ethernet Summary Statistics Viewing Managed Access Point Radio Statistics Viewing Managed Access Point VAP Statistics Authentication Failed AP Status Viewing Access Point Authentication Failure Status Monitoring Rogue and RF Scan Access Points RF Scan Monitoring Associated Client Information Associated Client Status Summary Viewing Associated Client StatusTunnel IP Address Viewing Detailed Associated Client Status Viewing Associated Client Neighbor AP Status Viewing Associated Client Ssid StatusAssociated Client Neighbor AP Status Viewing Associated Client Statistics Viewing Associated Client VAP Status Associated Client Summary Statistics Associated Client Association Summary StatisticsAssociated Client Association Detail Statistics Transmit Retries Transmit Retries Failed Viewing Client Authentication Failure StatusDuplicates Received Associated Client Session Detail Statistics Failed Client Status Client Authentication Failure Status Monitoring and Managing Ad Hoc Clients Authentication Failure CountAssociation Failure Count Ad Hoc Client Status Ad Hoc Clients Detection Mode Creating, Configuring, and Managing AP Profiles Configuring Advanced Settings Multiple AP Profiles Adding a Profile Creating, Copying, and Deleting AP Profiles Applying the AP Profile Applying an AP Profile Configuring Global Settings AP Failure Status Enabling Snmp TrapsClient Failure RF Scan Status Snmp Traps Field Description QoS Configuration Configuring QoS Minimum Contention QoS SettingsMaximum Contention Queue Max. Burst Length WMM Mode Txop Limit Page Visualizing the Wireless Network Click Wlan Visualization Download Image Importing and Configuring a Background Image Creating a New Graph Setting Up the Graph Components Importing and Configuring a Background Image on With a graph definition length of 800 feet Multiple Graphs Graphing the Wlan Components Component Tool Tip Wlan Visualization Menu Bar Options Understanding the Menu Bar OptionsMenu Item Description File On page 166 shows the difference between the tab view View Help Options Sentry Mode Detailed View Tool Tip for Radio Managed AP Information Peer Switch Component Attributes Links/CommandsManaging the Graph Component Information Other AP Wireless Client Default D-Link Wlan Controller Switch Settings Link Unified Access System Default SettingsFeature Default AP Default AP Profile Settings Default D-Link Access Point Profile SettingsWlan Information Link Unified Access System Default Settings Other Settings Virtual Access Point and Network Settings Configuring Radius Settings for Access Points Configuring the External Radius ServerRadius Attributes for the Access Point Radius Server Description Range Usage Attribute Radius Server Description Range Usage Attribute Configuring Radius Clients FreeRADIUS Server Configuration ExampleCreating and Including an Attribute Dictionary Vendor Adding Access Points to the Valid AP Database FreeRADIUS Example for Wireless Client Configuration Configuring Radius Settings for Wireless ClientsConfiguring Radius for Client MAC Authentication Radius Attributes for Wireless Clients Configuring User-Based Authentication and Dynamic VLANs Configuring MAC Authentication L3 Roaming Example Configuring the Wlan and Tunnel Interfaces Using a Loopback Interface for the Wireless Functions Creating the Vlan Routing Interface Create a Vlan routing interface on Vlan L3 Roaming Example Configuring the L3 Tunnel Network Example of Configuring L3 Roaming by Using the CLI L3 Tunnel Status Values ConfiguredL3 Tunnel Status Description Switch-prompt#wireless ap profile apply Example of Configuring L3 Roaming by Using the Web Interface Configuring the Relay Agent Configuring Dhcp Relay and the Dhcp Server Configure the default router for the address pool Configuring the Dhcp Server L3 Roaming Example Setting the MTU Size Setting the MTU Size Page QoS and Load Balancing Understanding Quality of Service802.11e and WMM Standards Support QoS Queues and Dscp on Packets Coordinating Traffic Flow Edcf Control of Data Frames and Aifs Packet Bursting for Better Performance Random Backoff and Contention Windows 802.1p and Dscp tags Txop Interval for Client Stations Vlan Priority Dscp Value Vlan Priority Tags All countries and regions excluding USA Warranty and Registration Information Warranties Exclusive Hardware Limited WarrantySoftware Limited Warranty USA Only Limited Warranty USA Only Page Warranty and Registration Information Product Registration Link Europe Limited Product WarrantyTrademarks Copyright Statement Limitation of Product Warranty Geographical Scope of the Limited Product Warranty Performance of the Limited Product Warranty Limited Product Warranty PeriodProduct Type Product Warranty Period Warrantor Link Europe Limited Produktgarantie Einschränkung der Garantie Räumlicher Geltungsbereich der eingeschränkten GarantieLaufzeit der eingeschränkten Garantie Garantiegeber Leistungsumfang der eingeschränkten GarantieProdukttyp Gewährleistungslaufzeit Etendue géographique de la Garantie Produit Limitée Link Europe a limité la garantie des produits Période de Garantie Produit Limitée Limitation de la Garantie ProduitType de produit Période de Garantie Exécution de la Garantie Produit Limitée Garantía limitada del producto D-LINK EuropaGarant Limitación de la garantía del producto Cobertura geográfica de la garantía limitada del producto Uso de la garantía limitada del producto Período de la garantía limitada del productoTipo de producto Período de garantía del Producto Garante Link Europe Termini di Garanzia dei Prodotti Limitazione della Garanzia Ambito geografico della Garanzia limitataPeriodo di garanzia Londra NW9 5 AB Regno Unito Telefono +44-020-8731-5555 Prestazioni della Garanzia limitataPage Technical Support Technical Support Technical Support Technische Unterstützung Assistance technique Asistencia Técnica Supporto tecnico Tech Support for customers within the Netherlands Pomoc techniczna Technická podpora Technikai Támogatás Teknisk Support Link teknisk support på Internettet Teknistä tukea asiakkaille Suomessa Teknisk Support för kunder i Sverige Tech Support for customers within Australia Suporte Técnico Τεχνική Υποστήριξη Emailsupport@dlink.com.sg Tech Support for customers within India Tech Support for customers within the Russia Technical Support Emailsupport@d-link.co.za Tech Support for Latin America customers Техническая поддержка Asistencia Técnica Suporte Técnico 技术支持友冠技術支援 Europe U. K International Offices Product Model Product Serial No Registration Information Registration Information