5 radius for pmp – Motorola Canopy FSK and OFDM radios PTP 100 (FSK) User Manual

Release 11.0

Release Notes and User Guide Supplement

Issue 1, March 2011

Page

13

5 RADIUS for PMP

Release 11.0 adds support for the RADIUS (Remote Authentication Dial In User Service) protocol
supporting Authentication, Authorization, and Accounting (AAA). The following topics are covered
in this document:

o An overview of the Canopy RADIUS implementation
o Description of the operation of RADIUS with Canopy and the various configurable

parameters and their settings

o Procedures for specific tasks associated with configuring Canopy for RADIUS
o Reference material, especially information on VSAs and OIDs.

The information does not

o Provide substantial background on the RADIUS protocol. A solid understanding of

RADIUS is assumed, or should be gained from other sources.

o Provide detailed information on setting up a RADIUS server. This information should

be gained from other sources, including the vendor or provider of the RADIUS server.

A typical course of action to prepare for the migration to RADIUS is

o Study these release notes
o Gain any additional knowledge needed on RADIUS and your specific RADIUS server

from outside sources and install your RADIUS server and database.

o Experiment with a test system in the lab or field
o Develop a migration plan for your network
o Migrate your network to RADIUS

5.1

RADIUS IMPLEMENTATION OVERVIEW

5.1.1 RADIUS Functions

RADIUS protocol support provides the following functions:

o SM Authentication allows only known SMs onto the network (blocking “rogue” SMs),

and can be configured to ensure SMs are connecting to a known network (preventing
SMs from connecting to “rogue” APs). RADIUS authentication is used for SMs, but
not used for APs, BHMs, or BHSs.

o SM Configuration configures authenticated SMs with MIR (Maximum Information

Rate), CIR (Committed Information Rate), High Priority, and VLAN (Virtual LAN)
parameters from the RADIUS server when an SM registers to an AP.

o Centralized AP and SM user name and password management allows AP and

SM usernames and access levels (Administrator, Installer, Technician) to be centrally
administered in the RADIUS server instead of on each radio and tracks access
events (logon/logoff) for each username on the RADIUS server. BHMs and BHSs do
not support RADIUS accounting. This accounting does not track and report specific
configuration actions performed on radios or pull statistics such as bit counts from the
radios. Such functions require an Element Management System (EMS) such as the
Motorola One Point Wireless Manager. This accounting is not the ability to perform
accounting functions on the subscriber/end user/customer account.