Working with RADIUS attributes
Administrator attributes
15-31
Administrator attributes
If you want to support multiple administrator names and passwords, you must use a RADIUS
server to manage them. The controller only supports a single admin name and password
internally (defined on the Controller >> Management > Management tool page).
Note Improper configuration of the administrator profile could expose the controller to access by
any user with a valid account. The only thing that distinguishes an administrative account
from that of a standard user account is the setting of the service type. Make sure that a user is
not granted access if service type is not Administrative, This is the reason why it may be
prudent to use a different RADIUS server to handle administrator logins. This practice
reduces the risk of a bad configuration on the RADIUS server side creating a security hole.
The following attributes are supported for administrator accounts.
Access request
Framed-MTU
(32-bit unsigned integer)
Hard-coded value of 1496. The value is always four bytes lower than the wireless MTU
maximum which is 1500 bytes in order to support IEEE802dot1x authentication.
NAS-Identifier
(string)
The NAS ID set on the Controller >> Authentication > RADIUS profiles > Add New
Profile page for the RADIUS profile being used.
User-Name
(string)
The username assigned to the administrator.
Access Request
Framed-MTU
NAS-Identifier
User-Name
Service-Type
Vendor-specific (Microsoft)
MSCHAP-Challenge
MSCHAP-Response
Access Accept
Vendor-specific (Colubris)
Access Reject
No attributes are supported.
Access Challenge
No attributes are supported.
Accounting Request
No attributes are supported.
Accounting Response
No attributes are supported.
To Next Page
Loading...
Need help?
General
