Serial configuration settings, Radius based management access – Proxim AP-4000 User Manual
Page 74
Advanced Configuration
AP-4000 Series User Guide
Management
74
Serial Configuration Settings
The serial port interface on the AP is enabled at all times. See
Setting IP Address using Serial Port
for information on how
to access the CLI interface via the serial port. You can configure and view the following parameters:
• Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400,
or 57600; the default Baud Rate is 9600.
• Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control.
NOTE: To avoid potential problems when communicating with the AP through the serial port, Proxim recommends
that you leave the Flow Control setting at None (the default value).
• Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication (8 data
bits by default).
• Serial Parity: This is a read-only field and displays the number of parity bits used in serial communication (no parity
bits by default).
• Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication (1 stop
bit by default).
NOTE: The serial port bit configuration is commonly referred to as 8N1.
RADIUS Based Management Access
User management of APs can be centralized by using a RADIUS server to store user credentials. The AP cross-checks
credentials using RADIUS protocol and the RADIUS server accepts or rejects the user.
HTTP/HTTPS and Telnet/SSH users can be managed with RADIUS. Serial CLI and SNMP cannot be managed by
RADIUS. Two types of users can be supported using centralized RADIUS management:
• Super User: The super user has access to all functionality of a management interface. A super user is configured in
the RADIUS server by setting the filter ID attribute (returned in the RADIUS Accept packet) for the user to a value of
“super user” (not case sensitive). A user is considered a super user if the value of the filter-id attribute returned in the
RADIUS Accept packet for the user is “super user” (not case sensitive).
• Limited User: A limited user has access to only a limited set of functionality on a management interface. All users
who are not super users are considered limited users. However, a limited user is configured in the RADIUS server by
setting the filter-id attribute (returned in the RADIUS Accept packet) to “limited user” (not case sensitive). Limited
users do not have access to the following configuration capabilities:
–
Update/retrieve files to and from APs
–
Reset the AP to factory defaults
–
Reboot the AP
–
Change management properties related to RADIUS, management modes, and management passwords.
NOTE: When a user has both “limited user” and “super user” filter-ids configured in the Radius server, the user has
limited user privileges.
When RADIUS Based Management is enabled, a local user can be configured to provide Telnet, SSH, and HTTP(S)
access to the AP when RADIUS servers fail. The local user has super user capabilities. When secure management is
enabled, the local user can only login using secure means (i.e., SSH or SSL). When the local user option is disabled the
only access to the AP when RADIUS servers are down will be through serial CLI or SNMP.
The Radius Based Management Access parameters allows you to enable HTTP or Telnet Radius Management Access,
to configure a RADIUS Profile for management access control, and to enable or disable local user access, and configure
the local user password. You can configure and view the following parameters:
• HTTP RADIUS Access Control Status: Enable RADIUS management of HTTP/HTTPS users.
• Telnet RADIUS Access Control Status: Enable RADIUS management of Telnet/SSH users.