6-62WS5100 Series Switch System Reference Guide

4.If necessary, select a security association from those displayed and click the Delete button to remove it.

6.9Configuring the Radius Server

Remote Authentication Dial-In User Service (Radius) is a client/server protocol and software enabling remote access servers to communicate with the switch to authenticate users and authorize their access to the switch managed network. For an overview on the switch’s Radius deployment, see

Radius Overview on page 6-62.

Setting up Radius on the switch entails the following:

Defining the Radius Configuration

Configuring Radius Authentication and Accounting

Configuring Radius Users

Configuring Radius User Groups

Viewing Radius Accounting Logs

NOTE: For hotspot deployment, Motorola recommends using the switch’s onboard Radius server and built-in user database. This is the easiest setup option and offers a high degree of security and accountability. For information on configuring the Radius server, see Configuring the Radius Server on page 6-62.

6.9.1 Radius Overview

Radius enables centralized management of switch authentication data (usernames and passwords). When a MU attempts to associate to the Radius supported switch, the switch sends the authentication request to the Radius server. The communication between the switch and server are authenticated and encrypted through the use of a shared secret password (not transmitted over the network).

The switch’s local Radius server stores the authentication data locally, but can also be configured to use a remote user database. A Radius server as the centralized authentication server makes is an excellent choice for performing accounting. Radius can significantly increase security by centralizing password management.

The switch can be configured to use its own local Radius server or an external Radius server you define and configure within the switch managed network. For information on the benefits and risks of using the switch’s resident Radius Server as opposed to an external Radius Server, see Using the Switch’s Radius Server Versus an External Radius on page 6-64.

NOTE: When restarting or rebooting the switch, the Radius server will also be restarted regardless of its state before the reboot.

The Radius server is used to define authentication and authorization schemes for granting the access to wireless clients. Radius is also used for authenticating hotspot and remote VPN Xauth. The switch can be configured to use 802.1x EAP for authenticating wireless clients with a Radius server. The following EAP authentication types are supported by the onboard Radius server:

TLS

TLS and MD5

TTLS and PAP

Page 286
Image 286
Motorola WS5100 Configuring the Radius Server, Radius Overview, Setting up Radius on the switch entails the following