Configuring radius profiles, Performing advanced configuration – Proxim ORINOCO AP-2000 User Manual

Page 79

Advertising
background image

79

Performing Advanced Configuration

server used depends on whether the authentication is done for an 802.1x client or non-802.1x client. The clients in
VLAN 2 are authenticated using a different set of authentication servers configured for authenticating users in VLAN 2.
Authentication servers for each VLAN are configured as part of the configuration options for that VLAN. You can also
configure authentication servers on a system-wide basis; these are called the default authentication servers. For each
VLAN, the user could opt to use the default authentication servers, or to configure separate authentication servers to
be used for a particular authentication type in that VLAN.

RADIUS-based VLAN Assignment

Radius-based VLAN assignment
The AP currently supports two methods of assigning a wireless client a VLAN ID. The wireless client can either be
assigned the static VLAN ID configured for the SSID the wireless client is associated to, or the wireless client can be
assigned a VLAN ID which is returned by the RADIUS server during authentication.
A VLAN ID can only be assigned to a wireless client by a RADIUS server if they are associated to an SSID that is
configured to a RADIUS-based authentication security mode/protocol (802.1X, WPA, 802.11i/WPA2, and RADIUS
based MAC Address Authentication). If the wireless client is associated to an SSID that does not provide
RADIUS-based authentication (such as None, WEP, WPA-PSK, and 802.11i/WPA2-PSK), then the wireless client will
be assigned the static VLAN ID configured for respective SSID. See

SSID/VLAN/Security

for more information.

RADIUS Servers Enforcing VLAN Access Control

A RADIUS server can be used to enforce VLAN access control in two ways:

Authorize the SSID the client uses to connect to the AP. The SSID determines the VLAN that the client gets
assigned to.

Assigning the user to a VLAN by specifying the VLAN membership information of the user.

Configuring RADIUS Profiles

A RADIUS server Profile consists of a Primary and a Secondary RADIUS server that get assigned to act as either
MAC Authentication servers, 802.1x/EAP Authentication servers, or Accounting Servers in the VLAN Configuration.
Refer to

SSID/VLAN/Security

.

The RADIUS Profiles tab allows you to add new RADIUS profiles or modify or delete existing profiles.

Figure 4-21 RADIUS Server Profiles

Advertising
Popular Brands
Popular manuals