Switch Security 6-69

Cert Trustpoint

Click the View/Change button to specify the trustpoint from which the Radius server

 

automatically grants certificate enrollment requests. A trustpoint is a representation of a CA

 

or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration

 

parameters, and an association with one enrolled identity certificate. If the server certificate

 

trustpoint is not used, the default trustpoint will be used instead.

CA Cert Trustpoint

Click the View/Change button to specify the CA certificate trustpoint from which the Radius

 

server automatically grants certificate enrollment requests. A trustpoint is a representation

 

of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration

 

parameters, and an association with one enrolled identity certificate.

 

If a CA trustpoint is not specified, the "default trustpoint's CA certificate is used as a ca

 

certificate. If the "Default trustpoint" does not have a CA certificate, the server certificate

 

itself will be used as the CA certificate.

NOTE: EAP-TLS will not work with a default trustpoint, proper CA and Server trustpoints must be configured for EAP-TLS.For information on configuring certificates for use with the switch, see Creating Server Certificates on page 6-74.

4.Refer to the LDAP Server Details field to define the attributes of the primary and secondary Radius LDAP servers providing access to external databes to be used with local Radius servers.

IP Address

Enter the IP address of the external LDAP server acting as the data source for the Radius

 

server. This server must be accessible from an active subnet on the switch.

Port

Enter the TCP/IP port number for the LDAP server acting as the data source.

Password Attribute

Enter the password attribute used by the LDAP server for authentication.

Bind DN

Specify the distinguished name to bind with the LDAP server.

Bind Password

Enter a valid password for the LDAP server.

Base DN

Specify a distinguished name that establishes the base object for the search. The base

 

object is the point in the LDAP tree at which to start searching.

User Login Filter

Enter the login used by the LDAP server for authentication.

Group Filter

Specify the group filters used by your LDAP server.

Group Membership

Specify the Group Member Attribute to be sent to the LDAP server when authenticating the

Attribute

users.

Group Attribute

Specify the group attribute used by the LDAP server.

Net Timeout

Enter a timeout value the system uses to terminate the connection to the Radius Server if no

 

activity is detected.

5.Click the Apply button to save the changes made to within the screen.

6.Click the Revert button to cancel any changes made within the screen and revert back to the last saved configuration.

6.9.5Configuring Radius Users

Refer to the Users tab to view the current set of users and assigned groups for the Radius server. The Users tab is used when Local is selected as the Auth Data Source within the Authentication & Accounting tab. The user information is ignored if an LDAP server is used for user authentication.

Page 293
Image 293
Motorola WS5100 manual Configuring Radius Users, CA Cert Trustpoint, Activity is detected