9 configuring the radius server, 1 radius overview, 9 configuring the radius server -62 – Motorola Series Switch WS5100 User Manual

Page 286: 1 radius overview -62, Configuring the radius server on, The switch, Configuring the radius server


6-62 WS5100 Series Switch System Reference Guide

4. If necessary, select a security association from those displayed and click the Delete button to remove it.

6.9 Configuring the Radius Server

Remote Authentication Dial-In User Service (Radius) is a client/server protocol and software enabling remote
access servers to communicate with the switch to authenticate users and authorize their access to the
switch managed network. For an overview on the switch’s Radius deployment, see
Radius Overview on page 6-62.

Setting up Radius on the switch entails the following:

• Defining the Radius Configuration

• Configuring Radius Authentication and Accounting

• Configuring Radius Users

• Configuring Radius User Groups

• Viewing Radius Accounting Logs

6.9.1 Radius Overview

Radius enables centralized management of switch authentication data (usernames and passwords). When an
MU attempts to associate with the Radius-supported switch, the switch sends the authentication request to
the Radius server. The communication between the switch and server is authenticated and encrypted
through the use of a shared secret password (not transmitted over the network).

The switch’s local Radius server stores the authentication data locally, but can also be configured to use a
remote user database. Its role as the centralized authentication server makes a Radius server an excellent choice
for performing accounting. Radius can significantly increase security by centralizing password management.

The Radius server is used to define authentication and authorization schemes for granting access to
wireless clients. Radius is also used for authenticating hotspot and remote VPN Xauth. The switch can be
configured to use 802.1x EAP for authenticating wireless clients with a Radius server. The following EAP
authentication types are supported by the onboard Radius server:

• TLS

• TLS and MD5

• TTLS and PAP

NOTE: For hotspot deployment, Motorola recommends using the switch’s onboard Radius
server and built-in user database. This is the easiest setup option and offers a high
degree of security and accountability. For information on configuring the Radius server,
see Configuring the Radius Server on page 6-62.

The switch can be configured to use its own local Radius server or an external
Radius server you define and configure within the switch managed network. For
information on the benefits and risks of using the switch’s resident Radius Server
as opposed to an external Radius Server, see Using the Switch’s Radius Server
Versus an External Radius on page 6-64.

NOTE: When restarting or rebooting the switch, the Radius server will also be restarted
regardless of its state before the reboot.
