Assigning RADIUS Servers for Authentication

To assign RADIUS servers for authentication:

  1. From the top menu, click VNS.
  2. In the left pane expand the WLAN Services pane, then click the WLAN Service.
  3. Click the Auth & Acct tab.
    Click to expand in new window
    Auth & Acct Tab
    Graphics/vns_configuration_auth_acct.jpg
    Click to expand in new window

    WLAN Services Auth & Acct Tab - Fields and Buttons

    Field/Button Description
    Authentication
    Mode Select an authentication mode from the drop-down list:
    • Disabled
    • 802.1x
    • Internal
    • External
    • Firewall Friendly External
    • Guest Portal
    • Guest Splash
    Configure Click to configure the selected mode. For more information, see Configuring Accounting and Authentication.
    Enable MAC-based authentication Select to enable the RADIUS server to perform MAC-based authentication for the VNS with Captive Portal.
    RADIUS Servers Select the server you want to assign to the WLAN Service from the drop-down list, then click Use.

    The server name is added to the Server table of assigned RADIUS servers. The selected server is no longer available in the RADIUS servers drop-down list.

    The RADIUS servers are defined on the Global Settings screen. For more information, see Defining RADIUS Servers and MAC Address Format.

    In the Server table, select the checkboxes in the Auth, MAC, or Acct columns, to enable the authentication or accounting, if applicable.

    Collect Accounting Information of Wireless Controller Select this checkbox to enable Controller accounting.
    Note

    Note

    Both MAC-based Authorization settings work together so that a station can be allowed onto a WLAN Service if it passes MAC-based authentication or Captive Portal authentication. Owners of known stations do not have to enter credentials and owners of unknown stations can get onto the network, if authorized, via Captive Portal.
  4. Click the Radius TLVs button to open the RADIUS Access-Request Message Options dialog.
    Click to expand in new window
    RADIUS Access Request Message Options
    Graphics/radius_access_request_dialog.jpg
    Click to expand in new window

    RADIUS TLVs Dialog - Fields and Buttons

    Field/Button Description
    VSAs
    Vendor-Specific-Attributes in RADIUS Requests Select the appropriate checkboxes to include the Vendor Specific Attributes (VSAs) in the message to the RADIUS server:
    • Ingress Rate Control
    • Egress Rate Control
    • Topology Name
    • Role Name
    • VNS Name
    • AP Name
    • SSID

    For more information, see Defining Common RADIUS Settings.

    Optional TLVs
    Chargeable-User-Identity Select to NOT return a Chargeable-User-Identity attribute for the RADIUS Server.
    Treat Access-Accept without Chargeable-User-Identity attribute as Access-Reject Select to enable feature.
    Zone Support
    Replace Called Station ID with Zone name in RADIUS Requests Select this checkbox to allow the RADIUS client to send the AP Zone as the Called-Station ID instead of the radio MAC address. This feature can be enabled regardless of whether the Site is using centrally located or local RADIUS servers.
    Operator Name Select the name of the user assigned to this RADIUS server from the drop-down list. Once a name is selected, a text box displays to allow text to be entered.
  5. To save your changes, click Save.