Deployment Guide
55
E
XAMPLE
6: S
ETTING
AAA RADIUS S
ETTINGS
In this example, you define the connection settings for a RADIUS server so that HiveAPs can send RADIUS
authentication requests
—
encapsulated in EAP (Extensible Authentication Protocol) packets
—
to the proper
destination.
After corporate employees associate with HiveAPs, they gain network access by authenticating themselves to a
RADIUS server. The authentication process makes use of the IEEE 802.1X standard. Within this context, wireless
clients act as supplicants, HiveAPs as authenticators, and the RADIUS server as the authentication server. The roles
of each participant, packet exchanges, and connection details for the RADIUS server are shown in
Figure 11
.
Figure 11
IEEE 802.1X Authentication Process
1. Click
HiveAP Configuration
>
AAA RADIUS
>
(Add button).
The New RADIUS Profile dialog box appears.
2. Enter the following:
•
RADIUS Configuration Name:
auth-1
(You cannot use spaces in the RADIUS profile name.)
•
Comment:
802.1X for corp employees
•
Retry Interval:
6000
(Seconds)
Enter the period of time that a HiveAP waits before retrying a previously unresponsive primary RADIUS
server. If a primary RADIUS server does not respond to three consecutive attempts
—
where each attempt
consists of ten authentication requests sent every three seconds (30 seconds for a complete request)
—
and a
backup RADIUS server has been configured, the HiveAP sends further authentication requests to the backup
ß ©·®»´»-- ½´·»²¬ñ-«°°´·½¿²¬ -¬¿®¬- ¿²
¿--±½·¿¬·±² °®±½»-- ©·¬¸ ¿ Ø·ª»ßÐò
̸» ¿«¬¸»²¬·½¿¬·±² -»®ª»® ®»°´·»- ¬± ¬¸»
¿«¬¸»²¬·½¿¬±® ©·¬¸ »·¬¸»® ¿² ß½½»--óß½½»°¬
±® ß½½»--ó붻½¬ ³»--¿¹» ·² ¿²±¬¸»® ¼±«¾´§
»²½¿°-«´¿¬»¼ °¿½µ»¬ò
̸» ¿«¬¸»²¬·½¿¬±® ¼»½¿°-«´¿¬»- ¬¸» ±«¬»®
°¿½µ»¬ ¿²¼ ª·»©- ¬¸» ÎßÜ×ËÍ ¿¬¬®·¾«¬»-
·²¼·½¿¬·²¹ ©¸»¬¸»® ¬¸» -«°°´·½¿²¬ ·- ¿½½»°¬»¼
±® ®»¶»½¬»¼ ø¿²¼ °±--·¾´§ ¬¸» «-»® ¹®±«° º±®
¬¸» -«°°´·½¿²¬÷ò
̸» -«°°´·½¿²¬ -»²¼- ¿² ß½½»--óλ¯«»-¬ ·² ¿
ÌÔÍó»²½¿°-«´¿¬»¼ °¿½µ»¬ ¬± ¬¸» ¿«¬¸»²¬·½¿¬±®ò
̸» ¿«¬¸»²¬·½¿¬±® ¿¼¼- ¿ ²»© ¸»¿¼»®
ø½±²¬¿·²·²¹ ¬¸» ×Ð ¿¼¼®»-- ±º ¬¸» ÎßÜ×ËÍ
-»®ª»®÷ ô »²½¿°-«´¿¬»- ¬¸» ÌÔÍó»²½¿°-«´¿¬»¼
°¿½µ»¬ «-·²¹ ÐÛßÐô ÛßÐóÌÌÔÍô ±® ÛßÐóÌÔÍô
¿²¼ °®±¨·»- ¬¸» ¬©·½»ó»²½¿°-«´¿¬»¼ °¿½µ»¬ ¬±
¬¸» ¿«¬¸»²¬·½¿¬·±² -»®ª»®ò
Í«°°´·½¿²¬
øÉ·®»´»-- Ý´·»²¬÷
ß«¬¸»²¬·½¿¬±®
øØ·ª»ßÐ÷
ß«¬¸»²¬·½¿¬·±² Í»®ª»®-
øÎßÜ×ËÍ Í»®ª»®-÷
Primary RADIUS server
IP address: 10.1.1.15
Shared secret: J7ix2bbbLA
Authentication port: 1812
Accounting port: 1813
Server priority: First
Secondary RADIUS Server
IP address: 10.1.2.16
Shared secret: J8Dx2c13Mb
Authentication port: 1812
Accounting port: 1813
Priority: Second