Performing advanced configuration, Serial configuration settings, Radius based management access – Proxim ORINOCO AP-2000 User Manual
Page 58
58
Performing Advanced Configuration
Serial Configuration Settings
The serial port interface on the AP is enabled at all times. See
Setting IP Address using Serial Port
for information on
how to access the CLI interface via the serial port. You can configure and view following parameters:
–
Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200,
38400, or 57600; the default Baud Rate is 9600.
–
Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control.
NOTE
To avoid potential problems when communicating with the AP through the serial port, Proxim recommends
that you leave the Flow Control setting at None (the default value).
•
Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication
(8 data bits by default).
•
Serial Parity: This is a read-only field and displays the number of parity bits used in serial communication
(no parity bits by default).
•
Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication
(1 stop bit by default).
NOTE
The serial port bit configuration is commonly referred to as 8N1.
RADIUS Based Management Access
User management of APs can be centralized by using a RADIUS server to store user credentials. The AP
cross-checks credentials using RADIUS protocol and the RADIUS server accepts or rejects the user.
HTTP/HTTPS and Telnet/SSH users can be managed with RADIUS. Serial CLI and SNMP cannot be managed by
RADIUS. Two types of users can be supported using centralized RADIUS management:
•
Super User: The super user has access to all functionality of a management interface. A super user is configured
in the RADIUS server by setting the filter ID attribute (returned in the RADIUS Accept packet) for the user to a
value of “super user” (not case sensitive). A user is considered a super user if the value of the filter-id attribute
returned in the RADIUS Accept packet for the user is “super user” (not case sensitive).
•
Limited User: A limited user has access to only a limited set of functionality on a management interface. All users
who are not super users are considered limited users. However, a limited user is configured in the RADIUS server
by setting the filter-id attribute (returned in the RADIUS Accept packet) to “limited user” (not case sensitive).
Limited users do not have access to the following configuration capabilities:
–
Update/retrieve files to and from APs
–
Reset the AP to factory defaults
–
Reboot the AP
–
Change management properties related to RADIUS, management modes, and management passwords.
When RADIUS Based Management is enabled, a local user can be configured to provide Telnet, SSH, and HTTP(S)
access to the AP when RADIUS servers fail. The local user has super user capabilities. When secure management is
enabled, the local user can only login using secure means (i.e., SSH or SSL). When the local user option is disabled
the only access to the AP when RADIUS servers are down will be through serial CLI or SNMP.
The Radius Based Management Access parameters allows you to enable HTTP or Telnet Radius Management
Access, to configure a RADIUS Profile for management access control, and to enable or disable local user access,
and configure the local user password. You can configure and view the following parameters:
•
HTTP RADIUS Access Control Status: Enable RADIUS management of HTTP/HTTPS users.
•
Telnet RADIUS Access Control Status: Enable RADIUS management of Telnet/SSH users.
•
RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based
Management Access.
•
Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default
local user ID is root.
•
Local User Password and Confirm Password: The default local user password is public. “Root” cannot be
configured as a valid user for Radius based management access when local user access is enabled.