Configure Tab
100
NXA-WAPZD1000 ZoneDirector Smart WLAN Controller
To configure a backup RADIUS / RADIUS Accounting server
1.
Click the check box next to Enable Backup RADIUS support.
2.
Enter the IP Address, Port number and Shared Secret for the backup server (these fields can neither be left
empty nor be the same values as those of the primary server).
3.
In Request Timeout, enter the timeout period (in seconds) after which an expected RADIUS response
message is considered to have failed.
4.
In Max Number of Retries, enter the number of failed connection attempts after which the NXA-
WAPZD1000 will failover to the backup RADIUS server.
5.
In Reconnect Primary, enter the number of minutes after which the NXA-WAPZD1000 will attempt to
reconnect to the primary RADIUS server after failover to the backup server.
MAC Authentication with an External RADIUS Server
To begin using MAC authentication:
1.
Ensure that a RADIUS server is configured in the NXA-WAPZD1000.
2.
Create a user on the RADIUS server using the MAC address of the client as both the username and
password. The MAC address format is a single string of characters without punctuation. (Format:
“xxxxxxxxxxxx”; not “xx:xx:xx:xx:xx” or “xx_xx_xx_xx_xx_xx”.)
3.
Log in to the Browser-Based Configuration Pages, and go to Configure > WLANs (page 31).
4.
Click the Edit link next to the WLAN you would like to configure (e.g., “internal,” “corporate,” etc.).
5.
Under Authentication Options: Method, select MAC Address.
6.
Under Authentication Server, select RADIUS Server.
7.
Click OK to save your changes.
At this point, the WLAN is set up to authenticate users by MAC address from a RADIUS server. Users
attempting to access this WLAN will be authenticated using a three-way handshake based on the Challenge-
Handshake Authentication Protocol (CHAP), and the MAC address of each client attempting to access this
WLAN must match an entry in the RADIUS database before access is granted.
Testing Authentication Settings
The Test Authentication Settings feature allows you to query an AAA server for a known authorized user, and
return Groups associated with the user that can be used for configuring Roles within the NXA-WAPZD1000.
After you have configured one or more authentication servers in the NXA-WAPZD1000, perform this task to
ensure that the device can connect to the authentication server and retrieve the groups/attributes that you have
configured for each user account.
To test the authentication settings:
1.
Go to Configure > AAA Servers and locate the Test Authentication Settings section.
2.
Select the authentication server that you want to use from the Test Against drop-down menu.
3.
In User Name and Password, enter an Active Directory, LDAP or RADIUS user name and password.
4.
Click Test.
If the NXA-WAPZD1000 was able to connect to the authentication server and retrieve the configured groups/
attributes, the information appears at the bottom of the page. The following is an example of the message that
will appear when the NXA-WAPZD1000 authenticates successfully with the server:
Success! Groups associated with this user are ?g{group_name}?h. This user will be assigned a role of
{role}.
If the test was unsuccessful, there are three possible results (other than success) that will be displayed to
inform you if you have entered information incorrectly:
Admin invalid
User name or password invalid
Search filter syntax invalid (LDAP only)
These results can be used to troubleshoot the reasons for failure to authenticate users from an AAA server
through the NXA-WAPZD1000.
Содержание NXA-WAPZD1000
Страница 4: ......
Страница 12: ...viii NXA WAPZD1000 ZoneDirector Smart WLAN Controller Table of Contents ...
Страница 16: ...Introduction 12 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...
Страница 130: ...Blocking Client Devices 126 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...
Страница 146: ...Smart Mesh Networking Best Practices 142 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...
Страница 153: ...Troubleshooting 149 NXA WAPZD1000 ZoneDirector Smart WLAN Controller ...