Configuring RADIUS Server Policies

A RADIUS server policy is a unique authentication and authorization configuration for client connection requests. It authenticates users and returns the configuration information necessary to deliver service to the requesting client and user. The client is the entity with authentication information requiring validation. The controller, service platform or access point's local RADIUS server has a database of authentication information used to validate the client's authentication request.

All access point models support local RADIUS server resources, with the exception of AP6511 models, which require an external RADIUS resource to validate authentication requests.

The RADIUS server ensures the information is correct using an authentication scheme like PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information. A RADIUS server policy can also use an external LDAP resource to verify user credentials.

To review existing RADIUS server policies, create new policies or modify existing policies:

  1. Select Configuration from the main menu.

  2. Select the Services tab from the Configuration screen.

  3. Select RADIUS > Server Policy from the Configuration > Services menu.

    The Server Policy Browser lists existing server policies by group or randomly. A policy can be selected and modified from the browser.

  4. Refer to the RADIUS Server screen to review high-level server policy configuration data.

  5. Select a server policy from the Server Policy Browser. The user has the option of adding a new policy, modifying an existing one, or deleting a policy.

    RADIUS Server Policy

    Lists the administrator assigned policy name defined upon creation of the server policy.

    RADIUS User Pools

    Lists the user pools assigned to this server policy. These are the client users an administrator has assigned to each listed group and who must adhere to its network access requirements before being granted access to controller, service platform or access point resources.

    Default Source

    Displays the RADIUS resource designated for user authentication requests. Options include Local (resident onboard RADIUS server resources) or LDAP (designated remote LDAP resource).

    Default Fallback

    States whether a fallback is enabled, reverting to local RADIUS resources if the designated external LDAP resource fails or becomes unavailable. A green checkmark indicates Default Fallback is enabled. A red "X" indicates it's disabled. Default Fallback is disabled by default.

    Authentication Type

    Lists the authentication scheme used with this policy. The following EAP authentication types are supported by the local RADIUS and remote LDAP servers:

    All - Indicates that all authentication types are enabled.

    TLS - Uses TLS as the EAP type.

    TTLS and MD5 - The EAP type is TTLS with default authentication using MD5.

    TTLS and PAP - The EAP type is TTLS with default authentication using PAP.

    TTLS and MSCHAPv2 - The EAP type is TTLS with default authentication using MSCHAPv2.

    PEAP and GTC - The EAP type is PEAP with default authentication using GTC.

    PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using MSCHAPv2. However, when user credentials are stored on an LDAP server, the RADIUS server cannot conduct PEAP-MSCHAPv2 authentication on its own, as it is not aware of the password. Use LDAP agent settings to locally authenticate the user. Additionally, an authentication utility (such as Samba) must be used to authenticate the user. Samba is open source software used to share services between Windows and Linux machines.

    CRL Validation

    Specifies whether a Certificate Revocation List (CRL) check is made. A green checkmark indicates CRL validation is enabled. A red "X" indicates it's disabled. A CRL is a list of certificates issued and subsequently revoked by a Certification Authority (CA). Certificates can be revoked for a number of reasons, including failure or compromise of a device using a certificate, a compromise of a certificate key pair or errors within an issued certificate. The mechanism used for certificate revocation depends on the CA.

  6. Select the Copy button to copy the settings of a selected (existing) RADIUS server configuration to a new or existing policy.

    When selected, a small dialogue displays prompting the administrator to enter the name of the policy to copy the existing policy settings to. Enter the name of the RADIUS server policy receiving the existing server policy settings within the Copy To field and select the Copy button to initiate the configuration copy operation. This feature streamlines the creation of RADIUS server policies using the attributes of existing server policies.

  7. An existing RADIUS server policy can be renamed at any time by selecting it from amongst the listed policies and selecting the Rename button.

    This allows an administrator to simply rename a server policy without having to create (or edit) a new policy with all the same settings.

  8. Select either Add to create a new RADIUS server policy, Edit to modify an existing policy or Delete to permanently remove a policy.
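
The PEAP and MSCHAPv2 note in the Authentication Type description comes down to how a challenge-response scheme verifies a user. The following is an added illustration, not code from this guide or the product: it uses CHAP (RFC 1994) as a simpler stand-in for MSCHAPv2 and assumes a directory that stores only a salted {SSHA} hash. All function names and the sample password are constructed.

```python
import base64
import hashlib
import hmac
import os


def ssha(password: bytes, salt: bytes) -> str:
    """Directory-style value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_pap(cleartext: bytes, stored: str) -> bool:
    """PAP/GTC style: the server receives the password itself inside the
    tunnel, so it can re-hash it with the stored salt (or attempt a bind)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(cleartext + salt).digest(), digest)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(ident: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    """Challenge-response: the server must recompute the response, which
    requires the secret itself (for MSCHAPv2, the password's NT hash)."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-passw0rd"       # constructed sample credential
    stored = ssha(password, os.urandom(8))   # all the directory holds
    challenge = os.urandom(16)
    response = chap_response(1, password, challenge)  # what the client sends
    return {
        "pap_correct": verify_pap(password, stored),
        "pap_wrong": verify_pap(b"wrong", stored),
        # A local user pool knows the secret and can verify the response.
        "chap_local_pool": verify_chap(1, challenge, response, password),
        # With only the salted hash available, the response cannot be rebuilt.
        "chap_hash_only": verify_chap(1, challenge, response, stored.encode()),
    }


if __name__ == "__main__":
    print(demo())
```

The last result is the situation the note describes: a server holding only a directory hash cannot check a challenge-response exchange, which is why a helper with access to the needed secret has to do the verification.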