Radius based management access – Proxim ORiNOCO AP-700 User Manual

Page 59


Performing Advanced Configuration

AP-700 User Guide

Management


Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication (1 stop bit by default).

NOTE

The serial port bit configuration is commonly referred to as 8N1.

RADIUS Based Management Access

User management of APs can be centralized by using a RADIUS server to store user credentials. The AP cross-checks credentials using the RADIUS protocol, and the RADIUS server accepts or rejects the user.

HTTP/HTTPS and Telnet/SSH users can be managed with RADIUS. Serial CLI and SNMP cannot be managed by RADIUS. Two types of users can be supported using centralized RADIUS management:

Super User: The super user has access to all functionality of a management interface. A super user is configured in the RADIUS server by setting the Filter-Id attribute for the user to a value of “super user” (not case sensitive). The AP considers a user a super user if the Filter-Id attribute returned in the RADIUS Accept packet for that user has this value.

Limited User: A limited user has access to only a limited set of functionality on a management interface. All users who are not super users are considered limited users. However, a limited user is configured in the RADIUS server by setting the Filter-Id attribute (returned in the RADIUS Accept packet) to “limited user” (not case sensitive). Limited users do not have access to the following configuration capabilities:

Update/retrieve files to and from APs

Reset the AP to factory defaults

Reboot the AP

Change management properties related to RADIUS, management modes, and management passwords.
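The Filter-Id role mapping described above, modeled as an added example (not Proxim firmware code and not part of the manual). The function names, the sample shared secret, and the constructed packets are assumptions; the packet layout and the Response Authenticator check follow RFC 2865.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                # RADIUS packet code (RFC 2865)
FILTER_ID = 11                   # RADIUS attribute type for Filter-Id (RFC 2865)
REQ_AUTH = bytes(range(16))      # constructed Request Authenticator
SECRET = b"constructed-secret"   # constructed shared secret (placeholder)

def build_reply(code, ident, request_auth, secret, attrs):
    """Build a constructed RADIUS reply with a valid Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def parse_attributes(data):
    """Return [(type, value), ...]; raise ValueError on malformed TLVs."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2 or pos + attr_len > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs

def management_role(packet, request_auth, secret):
    """Return 'super user', 'limited user', or None (no access granted)."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return None
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # reply is not authenticated by the shared secret
    if code != ACCESS_ACCEPT:
        return None
    try:
        attrs = parse_attributes(packet[20:])
    except ValueError:
        return None
    for attr_type, value in attrs:
        if attr_type == FILTER_ID and value.decode("ascii", "replace").lower() == "super user":
            return "super user"
    return "limited user"  # every accepted user who is not a super user
```

Because an Access-Accept without a matching Filter-Id still yields limited access, the RADIUS policy for the AP client should accept only accounts that are meant to manage the AP.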

When RADIUS Based Management is enabled, a local user can be configured to provide Telnet, SSH, and HTTP(S) access to the AP when RADIUS servers fail. The local user has super user capabilities. When secure management is enabled, the local user can only log in using secure means (i.e., SSH or SSL). When the local user option is disabled, the only access to the AP when RADIUS servers are down will be through serial CLI or SNMP.

The RADIUS Based Management Access parameters allow you to enable HTTP or Telnet RADIUS Management Access, to configure a RADIUS Profile for management access control, to enable or disable local user access, and to configure the local user password. You can configure and view the following parameters:

HTTP RADIUS Access Control Status: Enable RADIUS management of HTTP/HTTPS users.

Telnet RADIUS Access Control Status: Enable RADIUS management of Telnet/SSH users.

RADIUS Profile for Management Access Control: Specifies the RADIUS Profile to be used for RADIUS Based Management Access.

Local User Status: Enables or disables the local user when RADIUS Based Management is enabled. The default local user ID is root.

Local User Password and Confirm Password: The default local user password is public. “Root” cannot be configured as a valid user for RADIUS Based Management Access when local user access is enabled.
