Authentication services
Using a third-party RADIUS server
11-6
The following authetication types can make use of an external third-party RADIUS server:
Configuring a RADIUS server profile on the
controller
The controller enables you to define a maximum of 16 RADIUS profiles. Each profile defines
the settings for a RADIUS client connection. To support a client connection, you must create
a client account on the RADIUS server. The settings for this account must match the profile
settings you define on the controller.
For backup redundancy, each profile supports a primary and secondary server.
The controller can function with any RADIUS server that supports RFC 2865 and RFC 2866.
Authentication occurs via authentication types such as: EAP-MD5, CHAP, MSCHAP v1/v2,
PAP, EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-SIM, EAP-AKA, EAP-FAST, and EAP-GTC.
Caution To safeguard the integrity of RADIUS traffic it is important that you protect communications
between the controller and the RADIUS server. The controller lets you use PPTP or IPSec to
create a secure tunnel to the RADIUS server. For complete instructions on how to
accomplish this, see Securing wireless client sessions with VPNs on page 16-3.
Note If you change a RADIUS profile to connect to a different server while users are active, all
RADIUS traffic for active user sessions is immediately sent to the new server.
Configuration procedure
1. Select Controller >> Authentication > RADIUS profiles. The RADIUS profiles page
opens.
Service For details, see ...
802.1X (VSC) 802.1X authentication on page 10-8
MAC-based (Global) MAC-based authentication on page 10-14
MAC-based (VSC) MAC-based authentication on page 10-14
HTML-based HTML-based authentication on page 10-22
VPN-based VPN-based authentication on page 10-24
To Next Page
Loading...
Need help?
General
