Advanced Configuration

AP-700 User Guide

Management

Serial Configuration Settings

The serial port interface on the AP is enabled at all times. See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port. You can configure and view the following parameters:

Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or 57600; the default Baud Rate is 9600.

Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control.

NOTE: To avoid potential problems when communicating with the AP through the serial port, Proxim recommends that you leave the Flow Control setting at None (the default value).

Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication (8 data bits by default).

Serial Parity: This is a read-only field and displays the number of parity bits used in serial communication (no parity bits by default).

Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication (1 stop bit by default).

NOTE: The serial port bit configuration is commonly referred to as 8N1.

RADIUS Based Management Access

User management of APs can be centralized by using a RADIUS server to store user credentials. The AP cross-checks credentials using RADIUS protocol and the RADIUS server accepts or rejects the user.

HTTP/HTTPS and Telnet/SSH users can be managed with RADIUS. Serial CLI and SNMP cannot be managed by RADIUS. Two types of users can be supported using centralized RADIUS management:

Super User: The super user has access to all functionality of a management interface. A super user is configured in the RADIUS server by setting the filter ID attribute (returned in the RADIUS Accept packet) for the user to a value of “super user” (not case sensitive). A user is considered a super user if the value of the filter-idattribute returned in the RADIUS Accept packet for the user is “super user” (not case sensitive).

Limited User: A limited user has access to only a limited set of functionality on a management interface. All users who are not super users are considered limited users. However, a limited user is configured in the RADIUS server by setting the filter-idattribute (returned in the RADIUS Accept packet) to “limited user” (not case sensitive). Limited users do not have access to the following configuration capabilities:

Update/retrieve files to and from APs

Reset the AP to factory defaults

Reboot the AP

Change management properties related to RADIUS, management modes, and management passwords.

NOTE: When a user has both “limited user” and “super user” filter-ids configured in the Radius server, the user has limited user privileges.

When RADIUS Based Management is enabled, a local user can be configured to provide Telnet, SSH, and HTTP(S) access to the AP when RADIUS servers fail. The local user has super user capabilities. When secure management is enabled, the local user can only login using secure means (i.e., SSH or SSL). When the local user option is disabled the only access to the AP when RADIUS servers are down will be through serial CLI or SNMP.

The Radius Based Management Access parameters allows you to enable HTTP or Telnet Radius Management Access, to configure a RADIUS Profile for management access control, and to enable or disable local user access, and configure the local user password. You can configure and view the following parameters:

HTTP RADIUS Access Control Status: Enable RADIUS management of HTTP/HTTPS users.

Telnet RADIUS Access Control Status: Enable RADIUS management of Telnet/SSH users.

64

Page 64
Image 64
Proxim AP-700 manual Serial Configuration Settings, Radius Based Management Access