Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

Assigning RADIUS Servers for Authentication

To assign RADIUS servers for authentication:

  1. From the top menu, click VNS.
  2. In the left pane expand the WLAN Services pane, then click the WLAN (Wireless Local Area Network) Service.
  3. Click the Auth & Acct tab.
    Click to expand in new window
    Auth & Acct Tab
    Graphics/vns_configuration_auth_acct.png
    Click to expand in new window

    WLAN Services Auth & Acct Tab - Fields and Buttons

    Field/Button Description
    Authentication
    Mode Select an authentication mode from the drop-down list:
    • Disabled
    • 802.1x
    • Internal
    • External
    • Firewall Friendly External
    • Guest Portal
    • Guest Splash
    Configure Click to configure the selected mode. For more information, see Configuring Accounting and Authentication.
    Enable MAC-based authentication Select to enable the RADIUS server to perform MAC-based authentication for the VNS with Captive Portal.
    RADIUS Servers To select a server, see Selecting RADIUS Servers.

    The RADIUS servers are defined on the Global Settings screen. For more information, see Defining RADIUS Servers and MAC Address Format.
    Collect Accounting Information of Wireless Controller Select this checkbox to enable Controller accounting.
    Note

    Note

    Both MAC-based Authorization settings work together so that a station can be allowed onto a WLAN Service if it passes MAC-based authentication or Captive Portal authentication. Owners of known stations do not have to enter credentials and owners of unknown stations can get onto the network, if authorized, via Captive Portal.
  4. Click the Radius TLVs button to open the RADIUS Access-Request Message Options dialog.
    Click to expand in new window
    RADIUS Access Request Message Options
    Graphics/radius_access_request_dialog.png
    Click to expand in new window

    RADIUS TLVs Dialog - Fields and Buttons

    Field/Button Description
    VSAs
    Vendor-Specific-Attributes in RADIUS Requests Select the appropriate check boxes to include the Vendor Specific Attributes (VSAs) in the message to the RADIUS server:
    • Ingress Rate Control
    • Egress Rate Control
    • Topology Name
    • Role Name
    • VNS Name
    • AP Name
    • SSID

    For more information, see Defining Common RADIUS Settings.
    Optional TLVs
    Chargeable-User-Identity Select to NOT return a Chargeable-User-Identity attribute for the RADIUS Server.
    Treat Access-Accept without Chargeable-User-Identity attribute as Access-Reject Select to enable feature.
    Zone Support
    RADIUS Request Call Station ID Options:
    Replace BSSID with Zone name Selecting this checkbox to allows the RADIUS client to send the AP Zone name as the BSSID instead of the radio MAC address. This feature can be enabled regardless of whether the Site is using centrally located or local RADIUS servers. Zone name is limited to 32 bytes. Each AP can have its own Zone label although it is often useful to assign the same Zone to multiple APs.
    Replace BSSID with AP Ethernet MAC Selecting this checkbox allows the RADIUS client to send the AP Ethernet MAC as the BSSID instead of the radio MAC address. This feature can be enabled regardless of whether the Site is using centrally located or local RADIUS servers. The AP MAC address value is always the AP LAN1 MAC address.
    Operator Name Select the name of the user assigned to this RADIUS server from the drop-down list. Once a name is selected, a text box displays to allow text to be entered.
  5. To save your changes, click Save.
Published May 2017prev | next

Email this topicEmail this topic

Print this pagePrint this page