C.11.1 Configuring A RADIUS Server – Psion Teklogix 9160 G2 User Manual


Psion Teklogix 9160 G2 Wireless Gateway User Manual


Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup

Configuring A RADIUS Server

Selection of the VLAN is usually based on the identity of the user. The RADIUS
server informs the NAS (for example the access point) of the selected VLAN as part
of the authentication. This setup enables users of Dynamic VLANs to move from
one location to another without intervention and without having to make any
changes to the switches.

In the case of the 9160 G2 Wireless Gateway, if the user has chosen to use an
external RADIUS server (configured on the Security page), then that external RADIUS
server will try to authenticate the user. The user's authentication credentials are
passed to the RADIUS server. If these credentials are found to be valid, the NAS
configures the port to the VLAN indicated by the RADIUS authentication server.

C.11.1 Configuring A RADIUS Server

A RADIUS server needs to be configured to use Tunnel attributes in Access-Accept
messages, in order to inform the access point about the selected VLAN. These
attributes are defined in RFC 2868 and their use for dynamic VLAN is specified in
RFC 3580.

In the case of FreeRADIUS server, the following options may be set in the users file
to add the necessary attributes.

    example-user Auth-Type := EAP, User-Password == "password"
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-ID = 7

Tunnel-Type and Tunnel-Medium-Type use the same values for all stations.
Tunnel-Private-Group-ID is the selected VLAN ID, and it can be different for
each user.
