Motorola WS5100 6.9.3.1Radius Client Configuration, 6.9.3.2Radius Proxy Server Configuration

6-66WS5100 Series Switch System Reference Guide

6.9.3.1Radius Client Configuration

A Radius client implements a client/server mechanism enabling the switch to communicate with a central server to authenticate users and authorize their access to the switch managed network. A Radius client is often an embedded device since it alleviates the need to store detailed user information locally.

To configure Radius client support:

1.Select Security > Radius Server from the main menu.

2.Ensure the Configuration tab is selected.

3.Select the Clients tab from the bottom portion of the Configuration tab.

The Clients tab displays the IP address and subnet mask of the switch’s existing Radius clients.

4.To edit an existing Radius client configuration, select it from the table and click the Edit button.

The Edit screen displays the Radius client’s existing IP address, subnet mask and shared secret password used for credential verification. Modify these settings as required.

5.To remove an existing Radius client configuration from the table of configurations available to the switch, select the configuration and click the Delete button.

6.To create a new Radius client configuration, click the Add button at the bottom of the screen.

a. Specify the IP Address/Mask of the subnet or host authenticating with the Radius client.

b. Specify a Radius Shared Secret for authenticating the RADIUS client.

Shared secrets are used to verify Radius messages (with the exception of the Access-Request message) are sent by a Radius -enabled device configured with the same shared secret. The shared secret is a case-sensitive string that can include letters, numbers, or symbols. Make the shared secret at least 22 characters long to protect the Radius server from brute-force attacks. The max length of the shared secret is 31 characters.

c. Refer to the Status field for the current state of the requests made from applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

d. Click OK to use the changes to the running configuration and close the dialog.

e. Click Cancel to close the dialog without committing updates to the running configuration

6.9.3.2Radius Proxy Server Configuration

The switch can be configured to send Radius requests to a proxy radius server. A user's access request is sent to a proxy server if it cannot be authenticated by a local server. The proxy server forwards the access request to a proxy server that can authenticate the user. The proxy server checks the information in the user access request and either accepts or rejects the request. If the proxy target server accepts the request, it returns configuration information specifying the type of connection service required to authenticate the user.