Wireless Access Point
Configuring the Wireless AP 255
3. Settings (RADIUS Dynamic Authorization): Some RADIUS servers
can contact the AP (referred to as an NAS, see below) to
terminate a user with a Disconnect Message (DM). A RADIUS server may
also send a Change-of-Authorization (CoA) Message to the AP to change a
user’s privileges due to changing session authorizations. This implements
RFC 5176—Dynamic Authorization Extensions to RADIUS.
a. Timeout (seconds): Define the maximum idle time before the
RADIUS server’s session times out. The default is 600 seconds.
b. DAS Port: RADIUS will use the DAS port on the AP for Dynamic
Authorization Extensions to RADIUS. The default port is 3799.
c. DAS Event-Timestamp: The Event-Timestamp Attribute provides a
form of protection against replay attacks. If you select Required, both
the RADIUS server and the AP will use the Event-Timestamp
Attribute and check that it is current within the DAS Time Window.
If the Event-Timestamp is not current, then the DM or CoA Message
will be silently discarded.
d. DAS Time Window: This is the time window used with the DAS
Event-Timestamp, above.
e. NAS Identifier: From the point of view of a RADIUS server, the AP is
a client, also called a Network Access Server (NAS). Enter the NAS
Identifier (IP address) that the RADIUS servers expect the AP to
use — normally the IP address of the AP’s Gigabit1 port.
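The replay check described for the DAS Event-Timestamp and DAS Time Window settings, as an added Python example (not the AP's firmware or vendor code): it verifies the RFC 5176 Request Authenticator on a DM or CoA request, then discards the message unless its Event-Timestamp falls inside the window. The function names, the `required` flag and the strict length check are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

DM_REQUEST, COA_REQUEST = 40, 43   # RFC 5176 packet codes
EVENT_TIMESTAMP = 55               # RFC 2869: 32-bit seconds since the epoch


def authenticator(header4, attrs, secret):
    # RFC 5176 2.3: MD5(Code + Id + Length + 16 zero octets + Attributes + Secret)
    return hashlib.md5(header4 + bytes(16) + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Build a constructed DM/CoA request for testing (not captured traffic)."""
    header4 = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header4 + authenticator(header4, attrs, secret) + attrs


def event_timestamps(attrs):
    """Return the values of every Event-Timestamp attribute; raise if malformed."""
    found, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[i] == EVENT_TIMESTAMP:
            found.append(attrs[i + 2:i + attrs[i + 1]])
        i += attrs[i + 1]
    return found


def accept_das_request(packet, secret, window, now=None, required=True):
    """True = process the DM/CoA request, False = silently discard it."""
    now = time.time() if now is None else now
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    # Assumption: padded datagrams are dropped too (Length must match exactly).
    if code not in (DM_REQUEST, COA_REQUEST) or length != len(packet):
        return False
    good = authenticator(packet[:4], packet[20:], secret)
    if not hmac.compare_digest(good, packet[4:20]):
        return False
    try:
        stamps = event_timestamps(packet[20:])
    except ValueError:
        return False
    if not stamps:
        return not required  # "Required" mode rejects requests without the attribute
    return all(len(s) == 4 and abs(now - struct.unpack("!I", s)[0]) <= window for s in stamps)
```

The timestamp is only trustworthy because it is covered by the authenticator; the check also depends on the AP and the RADIUS server having synchronized clocks.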
4. RADIUS Attribute Formatting Settings: Some RADIUS servers,
especially older versions, expect information to be sent to them in a
legacy format. These settings are provided for the unusual situation that
requires special formatting of specific types of information sent to the
RADIUS server. Most users will not need to change these settings.
a. Called-Station-Id Attribute Format: Define the format of the
Called-Station-Id RADIUS attribute sent from the AP—BSSID:SSID
(default) or BSSID. This identifies the AP that is attempting to
authenticate a client. BSSID is the MAC address of the IAP receiving
the client signal. The BSSID:SSID option additionally identifies the