Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks RBT-4102 manual Radius

Models: RBT-4102

1 168

Download 168 pages 49.88 Kb

Page 47

RADIUS

RADIUS

RADIUS

Remote Authentication Dial‐in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS‐aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.

A primary RADIUS server must be specified for the RBT‐4102 to implement IEEE 802.1x network access control and Wi‐Fi Protected Access (WPA) wireless security. A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible.

In addition, the configured RADIUS server can also act as a RADIUS Accounting server and receive user‐session accounting information from the access point. RADIUS Accounting can be used to provide valuable information on user activity in the network.

If you are using MAC authentication, you must provide the following information to the RADIUS Server Network Administrator:

•MAC Address of your wireless client. This becomes the username, which is case‐sensitive (lower‐case), and in the format: 00‐01‐f4‐ab‐cd‐ef.

•Configure the RADIUS server to authenticate using the default password of “NOPASSWORD” for all the MAC address based user names.

Notes:

• This guide assumes that you already configured RADIUS server(s) to support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software.

•If you are using RADIUS, it is highly recommended that you assign a static IP address to ensure that the address doesn’t change via DHCP.

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-11

Image 47

Enterasys Networks RBT-4102 manual Radius

Contents

Enterasys RoamAbout RBT-4102 Wireless Access Point Configuration GuideWireless Networking Page Enterasys Networks, Inc 50 Minuteman Road Andover, MA You and Enterasys agree as follows Enterasys Networks, Inc. Firmware License AgreementBEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT CAREFULLY READ THIS LICENSE AGREEMENT5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein 11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement 4. TITLE AND PROPRIETARY RIGHTS Enterasys Networks, Inc. Software License Agreementto Enterasys 12. GENERAL viii Chapter 4 Advanced Configuration ContentsChapter 2 Network Configuration Chapter 3 Initial ConfigurationFilter Control and VLANs Index Appendix A Default SettingsAppendix B Troubleshooting Page Firmware Version Support PrefacePurpose of This Manual Intended AudienceDescription Getting HelpConvention Overview IntroductionPolicy FeaturesApplications 1-4 Introduction ApplicationsOverview Network ConfigurationAd Hoc Wireless LAN no Access Point or Bridge Figure 2-1 Ad Hoc Wireless LANNetwork Topologies Figure 2-2 Infrastructure Wireless LAN Infrastructure Wireless LANFigure 2-3 Infrastructure Wireless LAN for Roaming Infrastructure Wireless LAN for Roaming Wireless PCsFigure 2-4 Infrastructure Wireless Bridge Infrastructure Wireless BridgeNetwork Topologies 2-6 Network ConfigurationOverview Initial ConfigurationInitial Setup Using the CLI Required ConnectionsLogging In c. Reboot the RoamAbout RBT‐4102 Using Web Management If applicable, the County Code page appears, go to step d. Click OK The access point reboots, and the Login window appears 4. Enter the following information, and click Apply d. Click Apply at the bottom of the page h. Click OK The access point reboots c. Specify a new password in the Password field Table 4-1 Advanced Configuration Advanced ConfigurationUsing the Web Interface Using the Command Line Interface CLIPage Table 4-1 Advanced Configuration continuedMenu DescriptionIdentification Using Web Management to Configure System InformationUsing the CLI to Configure System Information TCP / IP Settings Using Web Management to Configure TCP/IP The access point only supports SSH version Example Using the CLI to Configure TCP/IPTCP/IP Configuration Example SSH ConfigurationEthernet Settings Configuration ExampleSpeed-duplexOper 100Base-TX Full Duplex Auto Negotiate Disable Speed-duplexAdmin 100Base-TX Full DuplexTCP / IP Settings 4-10 Advanced ConfigurationRADIUS Using Web Management to Configure RADIUS Description Table 4-2 RADIUS AttributesRADIUS Accounting Attribute RADIUS Accounting enables or disables the AP to send RADIUS accounting information for clients to the RADIUS accounting server. Default DisableRADIUS Accounting Attribute Using the CLI to Configure RADIUSTable 4-2 RADIUS Attributes continued ExampleAuthentication Using Web Management to Configure Authentication Example Using the CLI to Configure AuthenticationFilter Control and VLANs Using Web Management to Configure Filter Control and VLANsIBSS Relay Control, in conjunction with radio interface and Virtual AP VAP IBSS settings, controls whether clients associated with an interface or VAP can establish wireless communications with clients associated with other interfaces or VAPs. Default All VAP mode Example Using the CLI to Configure Filter Control and VLANsCLI Commands for VLAN Support Page Example CLI Commands for FilteringExample SVP CommandsGlobal Status CDP SettingsUsing Web Management to Configure CDP Port Status Disable ‐ disables this AP from using CDP Example Using the CLI to Configure CDPRogue AP Detection Using Web Management to Configure Rogue AP DetectionExample Using the CLI to Configure Rogue AP Detection802.11a Rogue AP Status SNMP Using Web Management to Configure SNMPDescription Table 4-3 SNMP NotificationsNotification SNMP allows you to enable or disable SNMP management access and also enables the access point to send SNMP traps notifications. SNMP management is enabled by defaultTable 4-3 SNMP Notifications continued User specifies string to identify an SNMP user. 32 characters maximum Security LevelIP Address is the IP address of the user SNMP TargetsSNMP Filter Examples Using the CLI to Configure SNMPCLI Commands for SNMP Examples CLI Commands for Configuring SNMPv3 Users and GroupsRoamAbout 4102#show snmp group-assignments GroupName TPS RoamAbout RBT-4102 Wireless Access Point Configuration GuidePassphrase PrivType DES Passphrase =============================================Example CLI Commands for Configuring SNMPv3 TargetsCLI Commands for Configuring SNMPv3 Trap Filters ExampleChanging the Password AdministrationUsing Web Management to Change the Password Enabling and Disabling Com Port Using the CLI to Change the PasswordUsing Web Management to Enable and Disable Com Port Using the CLI to Enable and Disable Com PortUpgrading Firmware Using Web Management to Upgrade Firmware Example Using the CLI to Upgrade FirmwareSystem Log Using Web Management to Configure System LogDescription Error LevelTable 4-4 Logging Level Descriptions Logging Level sets the severity level for event loggingExamples Using the CLI to Configure System LogUsing Web Management to Configure SNTP Examples Using the CLI to Configure SNTPWDS and STP WDS and STP4-50 Advanced Configuration WDS and STP Using Web Management to Configure WDS and STPRoamAbout RBT-4102 Wireless Access Point Configuration Guide Select WDS & STP from the menuBridge enables/disables STP on the wireless bridge. Default Disabled ‐ Range 0‐65535 ‐ Default Example Using the CLI to Configure WDSExamples Example Using the CLI to Configure STPRadio Interface Radio Signal CharacteristicsUsing Web Management to Configure Interface Radio Settings Radio SettingsValue Table 4-5 VLAN ID RADIUS AttributesNumber RADIUS AttributeNote The Antenna ID must be selected in conjunction with the Antenna Control Method to configure proper use of any of the antenna options Default 802.11b and 802.11g faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. Range 1‐255 beacons Default 2 beacons Set any other parameters as required Using the CLI to Configure the 802.11a Interface Radio SettingsExample 802.11 Parameters Authentication ParametersQuality of Service ExampleAdmission Control No Example Using the CLI to Configure the 802.11b/g Interface Radio SettingsExample Authentication ParametersQuality of Service Radio Interface WMM Operation Wi-Fi Multimedia WMM ConfigurationTable 4-6 WMM Access Categories AccessFigure 4-1 WMM Backoff Wait times Using Web Management to Configure WMMExamples Using the CLI to Configure WMMSecurity AntennaAdmission Control No Using Web Management to Configure Virtual APs Virtual APs VAPs ConfigurationRadio Interface 4-74 Advanced ConfigurationExamples Using the CLI to Configure Virtual APs802.11 Parameters To view VAP settings, use the show interface wireless ag vap# commandAdmission Control No Mechanism SecurityTable 4-7 Security Mechanisms SecurityUsing Web Management to Configure Security Settings Wired Equivalent Privacy WEPKey Len specifies whether to use 64, 128 or 152 bit keys Security RoamAbout RBT-4102 Wireless Access Point Configuration GuideTo use Pre‐Authentication, you must have the following AuthenticationHexadecimal uses a key made up of a string of 64 hexadecimal numbers 802.1x AuthenticationThe 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval If you specify RADIUS MAC for this default interface or VAP, you must specify the following parameters Example Using the CLI to Configure WPA Pre-Shared KeyUsing the CLI to Configure WPA over 802.1X Security ExampleExample g commandAuthentication Parameters Quality of ServiceAC1Background Examples Using the CLI to Configure Local MAC Authentication802.11a 4-90 Advanced ConfigurationIndex MAC Address StatusExamples Using the CLI to Configure RADIUS MAC AuthenticationExample Examples Using the CLI to Configure WEP Shared Key SecurityPage Examples Using the CLI to Configure WEP over 802.1x SecurityWPA Key Mgmt Mode Examples Using the CLI to Configure WPA2 SecurityWPA PSK Key Type Examples Using the CLI to Configure WPA2 Pre-Shared Key SecurityExamples Multicast cipher Menu Status InformationTable 4-8 Status Status information is described in Table 4‐8Status Information Using Web Management to View AP Status4-102 Advanced Configuration Select AP Status from the menuSystem Up Time is the length of time the management agent has been up Examples Using the CLI to Display AP StatusUsing Web Management to View CDP Status Example Using the CLI to Display CDP StatusStatus Information Using Web Management to View Station StatusRoamAbout RBT-4102 Wireless Access Point Configuration Guide Station Address is the MAC address of the wireless client Using Web Management to View Neighbor AP Detection Status Example Using the CLI to View Neighbor AP Detection StatusForward Transitions Using Web Management to View WDS-STP StatusExample Using the CLI to View WDS-STP Statusshow bridge Example show bridge linkChild Status Example Root Bridge StatusUsing Web Management to View Event Logs Examples Using the CLI to View Event LogsFrom the global configuration mode, use the show logging command command from the Executive mode. clear command from the GlobalStatus Information RoamAbout RBT-4102 Wireless Access Point Configuration GuideStatus Information 4-118 Advanced ConfigurationParameter Default SettingsFeature DefaultParameter FeatureDefault A-2 Default SettingsParameter FeatureDefault RoamAbout RBT-4102 Wireless Access Point Configuration Guide A-3Parameter FeatureDefault A-4 Default SettingsParameter FeatureDefault RoamAbout RBT-4102 Wireless Access Point Configuration Guide A-5Parameter FeatureDefault A-6 Default SettingsTroubleshooting Steps Troubleshooting4. If you forgot or lost the password Maximum Distance Tables Table B-1 802.11a Wireless Distance Speed and Distance Ranges1Table B-2 802.11b Wireless Distance Speed and Distance Ranges1 Table B-3 802.11g Wireless Distance Table Speed and Distance Ranges1Maximum Distance Tables B-4 TroubleshootingNumerics IndexCLI 4-28 detection WDS 4-50 bridge 4-52 CLI Index-4