More services
BAT54-Rail/F..
Release
7.54
06/08
12.10
Extensions to the RADIUS server
511
D Provide server database [default: yes]
This parameter specifies whether the WLAN access list is to be used as
an information source for the RADIUS server in the BAT access point.
The WLAN access list contains the user name in the form of the MAC
address and the password ('WPA passphrase'). In addition to this access
data, the access list provides information such as bandwidth restriction
and association to a specific VLAN.
D Recheck cycle [default: 0]
Once a WLAN client is logged on after authentication by RADIUS, it
remains active until it logs off itself or is logged off by the RADIUS server.
By specifying a recheck cycle [minutes], the RADIUS server can regu-
larly check whether the WLAN clients logged in are still in the access list.
If a WLAN client is removed from the access list, it remains logged in to
the WLAN up to the point when the recheck cycle runs again.
Note: A recheck cycle of '0' disables regular checking. WLAN clients remain
logged in until they log themselves out.
12.10Extensions to the RADIUS
server
12.10.1New authentication method
Up to version 6.30 the LCOS RADIUS server supported PAP as an authen-
tication method only, i.e. the RADIUS client (henceforth referred to as the
NAS, Network Access Server) passed on the user name and password and
the server responded with an access accept or access reject. This is just one
of a range of authentication methods which can be processed by RADIUS.
With LCOS version the RADIUS server in the BAT supports additional meth-
ods of authentication:
D PAP: The NAS passes the user name and password. The RADIUS server
searches its data sets for an entry matching the user name, compares the
password, and responds with a RADIUS accept or RADIUS reject.
D CHAP: The NAS passes the user name, the CHAP challenge and char-
acteristics of the password (but not the password itself). The RADIUS
server searches its data sets for an entry matching the user name; it uses
the associated password and the CHAP challenge from the NAS to com-
pute the CHAP response. If this computed response and the answer sent
by the client via the NAS correspond, then the RADIUS server sends a
RADIUS accept; otherwise it sends a RADIUS reject.
To Next Page
Loading...
