RADIUS Server Policies
A RADIUS server policy is a unique authentication and authorization configuration for handling client connection requests. It authenticates users and returns the configuration information necessary to deliver service to the requesting client and user. The client is the entity with authentication information requiring validation. The controller, service platform or Access Point's local RADIUS server has a database of authentication information used to validate the client's authentication request.
The RADIUS server ensures the information is correct using an authentication scheme like PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information. A RADIUS server policy can also use an external LDAP resource to verify user credentials.
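The following is an added example, not part of the original documentation or the product's code: a sketch of how a local RADIUS server validates PAP and CHAP credentials against its user database, following RFC 2865. The shared secret, user name, password and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the product documentation).
SHARED_SECRET = b"constructed-shared-secret"
LOCAL_USERS = {"alice": b"correct horse battery"}  # local user database


def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side: hide User-Password per RFC 2865 section 5.2."""
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev  # each ciphertext block keys the next mask
    return out


def pap_recover(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding; a wrong shared secret yields garbage."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def verify_pap(user: str, hidden: bytes, request_auth: bytes) -> bool:
    stored = LOCAL_USERS.get(user)
    if stored is None or len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        return False  # unknown user or malformed attribute: reject
    return hmac.compare_digest(pap_recover(hidden, SHARED_SECRET, request_auth), stored)


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response: MD5(ident || password || challenge), RFC 2865 section 5.3."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(user: str, chap_password: bytes, challenge: bytes) -> bool:
    stored = LOCAL_USERS.get(user)  # CHAP needs the cleartext password here
    if stored is None or len(chap_password) != 17:  # 1-octet ident + 16-octet response
        return False
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(chap_password[1:], expected)
```

PAP protection depends entirely on the shared secret between the client device and the server, while CHAP requires the server to hold each user's password in recoverable form so it can recompute the response.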
- Select .
The Server Policy Browser displays. This screen lists existing server
policies by group or randomly. A policy can be selected and modified from the
browser.
RADIUS Server Policy Screen
- Refer to the RADIUS Server screen to review high-level server policy configuration data:
RADIUS Server Policy | Lists the administrator assigned policy name defined upon creation of the server policy. |
RADIUS User Pools | Lists the user pools assigned to this server policy. These are the client users who an administrator has assigned to each listed group and who must adhere to its network access requirements before being granted access to controller or service platform resources. |
Default Source | Displays the RADIUS resource designated for user authentication requests. Options include Local (resident controller or service platform RADIUS server resources) or LDAP (designated remote LDAP resource). |
Default Fallback | States whether a fallback is enabled providing a revert back to local RADIUS resources if the designated external LDAP resource were to fail or become unavailable. A green checkmark indicates Default Fallback is enabled. A red "X" indicates it's disabled. Default Fallback is disabled by default. |
Authentication Type | Lists the local EAP authentication scheme used with this policy. The following EAP authentication types are supported by the local RADIUS and remote LDAP servers:
- All - Enables both TTLS and PEAP
- TLS - Uses TLS as the EAP type
- TTLS and MD5 - The EAP type is TTLS with default authentication using MD5
- TTLS and PAP - The EAP type is TTLS with default authentication using PAP
- TTLS and MSCHAPv2 - The EAP type is TTLS with default authentication using MSCHAPv2
- PEAP and GTC - The EAP type is PEAP with default authentication using GTC
- PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using MSCHAPv2
|
CRL Validation | Specifies whether a Certificate Revocation List (CRL) check is made. A green checkmark indicates CRL validation is enabled. A red "X" indicates it's disabled. |
- Select a server policy from the Server Policy Browser to edit or delete.
- Click Copy to copy the settings of a selected (existing) RADIUS server configuration to a new or existing policy.
When selected, a small dialogue displays prompting the administrator to enter the name of the policy to copy the existing policy settings to. Enter the name of the RADIUS server policy receiving the existing server policy settings within the Copy To field and click Copy to initiate the configuration copy operation. This feature streamlines the creation of RADIUS server policies using the attributes of existing server policies.
- An existing RADIUS server policy can be renamed at any time by selecting it from among the listed policies and clicking Rename. This allows an administrator to simply rename a server policy without having to create (or edit) a new policy with all the same settings.