Authentication and User Management
14.4 Configuring Authentication Servers
SCALANCE W1750D UI
Configuration Manual, 02/2018 , C79000-G8976-C451-02
209
14.4.3
Configuring an External Server for Authentication
You can configure RADIUS, TACACS, LDAP, and ClearPass Policy Manager servers
through the SCALANCE W UI or the CLI.
In the SCALANCE W UI
To configure an external authentication server:
1.
Navigate to Security > Authentication Servers. The Security window is displayed.
2.
To create a new server, click New. A window for specifying details for the new server is
displayed.
3.
Configure parameters based on the type of sever.
–
RADIUS—To configure a RADIUS server, specify the attributes described in the
following table:
Parameter
Description
Name
Enter a name for the server.
Server address
Enter the host name or the IP address of the external RADIUS server.
RadSec
Set RadSec to Enabled to enable secure communication between the
RADIUS server and AP clients by creating a TLS tunnel between the AP
and the server.
If RadSec is enabled, the following configuration options are displayed:
•
RadSec port—Communication port number for RadSec TLS connec-
tion. By default, the port number is set to 2083.
•
RFC 3576—When set to Enabled, it allows the APs to process RFC
3576-compliant Change of Authorization (CoA) and disconnect mes-
sages from the RADIUS server.
•
NAS IP address
•
NAS identifier
For more information on RadSec configuration, see Enabling RADIUS
Communication over TLS (Page 214).
Auth port
Enter the authorization port number of the external RADIUS server within
the range of 1–65,535. The default port number is 1812.
Accounting port
Enter the accounting port number within the range of 1–65,535. This port
is used for sending accounting records to the RADIUS server. The default
port number is 1813.
Shared key
Enter a shared key for communicating with the external RADIUS server.
Retype key
Re-enter the shared key.
Timeout
Specify a timeout value in seconds. The value determines the timeout for
one RADIUS request. The AP retries to send the request several times (as
configured in the Retry count) before the user gets disconnected. For
example, if the Timeout is 5 seconds, Retry counter is 3, user is discon-
nected after 20 seconds. The default value is 5 seconds.
Retry count
Specify a number between 1 and 5. Indicates the maximum number of
authentication requests that are sent to the server group, and the default
value is 3 requests.