D-Link UNIFIED WIRED & WIRELESS ACCESS SYSTEM..., Руководство пользователя

Страница: 79 / 266

Software User Manual D-Link Unified Access System
02/15/2011
Document 34CS3000-SWUM104-D10 Page 79
Configuring AAA and RADIUS Settings
In the D-Link Unified Access System, you can use a RADIUS server for the following functions:
• Management of client-to-AP authentication and accounting
• Management of AP-to-Switch authentication and accounting
• Database for AP settings
The information in this section applies to the client-to-AP authentication and accounting management. For information about
AP-to-switch management, see
“Using the RADIUS Database for AP Validation” on page 73 . For information about how to
set AP database settings in the RADIUS server, see Appendix B “Configuring the External RADIUS Server” .
The RADIUS server that you configure from the Administration > Basic Setup > AAA/RADIUS tab is the RADIUS server
for the default AP profile. For each network, you can configure a unique RADIUS server or use the default RADIUS server.
When you use a RADIUS server for wireless client-to-AP communications, such as when clients use WPA Enterprise or
WEP IEEE 802.1X security to connect to the AP, the AP is the RADIUS client and communicates with the RADIUS server.
The Unified Switch does
not tunnel packets between the AP and RADIUS server. This means that you must configure the
AP as a client in the RADIUS server. For information about how configure RADIUS clients, see Appendix B “Configuring the
External RADIUS Server” . Table 9 describes the fields you can configure for the default AP profile RADIUS server.
On the AAA/RADIUS tab, you can also configure a global list containing the MAC addresses of wireless clients to allow or
deny access to APs. The list only applies to profiles that use local MAC Authentication, which is an SSID setting. MAC
Authentication is disabled by default. For information about enabling MAC Authentication, see “Configuring the Default
Network” on page 88 .
If you select Allow as the default action, the wireless clients you add to the Allow MAC List can connect to the AP, and all
other wireless clients are denied. If you select Deny as the default action, the wireless clients with the MAC addresses that
you add to the Deny MAC list cannot associate with the AP.
Table 9: Global RADIUS Server
Field Description
IP Address This is the IP address of the RADIUS server the AP uses for authentication.
Secret The RADIUS secret is the shared secret key for the RADIUS server. Click the Edit check box to
enter a secret. The text you enter is displayed as “*” characters to prevent others from seeing the
RADIUS key as you type.
Backup IP
Address
The IP address of the backup radius server.
Backup Secret The RADIUS secret of the backup radius server.
Accounting RADIUS Accounting allows you to track and measure the resources a particular user has consumed
such as system time and amount of data transmitted and received.
Failthrough Mode Select the Failthrough Mode option to enable the radius fail-through feature. Clear the option to
disable the feature.
Profile Name The name of the AP profile. For example, the name Default.
Note: If you access the RADIUS and MAC Authentication configuration information from the AP Profile page, the
Profile Name field also appears. To rename the profile, delete the existing name and enter the new name in the
field, then click Submit .