Authentication and User Management
14.4 Configuring Authentication Servers
SCALANCE W1750D UI
Configuration Manual, 02/2018 , C79000-G8976-C451-02
209
14.4.3
Configuring an External Server for Authentication
You can configure RADIUS, TACACS, LDAP, and ClearPass Policy Manager servers
through the SCALANCE W UI or the CLI.
In the SCALANCE W UI
To configure an external authentication server:
1.
Navigate to Security > Authentication Servers. The Security window is displayed.
2.
To create a new server, click New. A window for specifying details for the new server is
displayed.
3.
Configure parameters based on the type of sever.
–
RADIUS—To configure a RADIUS server, specify the attributes described in the
following table:
Parameter
Description
Name
Enter a name for the server.
Server address
Enter the host name or the IP address of the external RADIUS server.
RadSec
Set RadSec to Enabled to enable secure communication between the
RADIUS server and AP clients by creating a TLS tunnel between the AP
and the server.
If RadSec is enabled, the following configuration options are displayed:
•
RadSec port—Communication port number for RadSec TLS connec-
tion. By default, the port number is set to 2083.
•
RFC 3576—When set to Enabled, it allows the APs to process RFC
3576-compliant Change of Authorization (CoA) and disconnect mes-
sages from the RADIUS server.
•
NAS IP address
•
NAS identifier
For more information on RadSec configuration, see Enabling RADIUS
Communication over TLS (Page 214).
Auth port
Enter the authorization port number of the external RADIUS server within
the range of 1–65,535. The default port number is 1812.
Accounting port
Enter the accounting port number within the range of 1–65,535. This port
is used for sending accounting records to the RADIUS server. The default
port number is 1813.
Shared key
Enter a shared key for communicating with the external RADIUS server.
Retype key
Re-enter the shared key.
Timeout
Specify a timeout value in seconds. The value determines the timeout for
one RADIUS request. The AP retries to send the request several times (as
configured in the Retry count) before the user gets disconnected. For
example, if the Timeout is 5 seconds, Retry counter is 3, user is discon-
nected after 20 seconds. The default value is 5 seconds.
Retry count
Specify a number between 1 and 5. Indicates the maximum number of
authentication requests that are sent to the server group, and the default
value is 3 requests.
Содержание SCALANCE W1750D UI
Страница 18: ...About this guide SCALANCE W1750D UI 18 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 28: ...About SCALANCE W 3 3 SCALANCE W CLI SCALANCE W1750D UI 28 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 108: ...IPv6 Support 10 4 Debugging Commands SCALANCE W1750D UI 108 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 326: ......
Страница 356: ......
Страница 374: ......
Страница 416: ......
Страница 440: ......
Страница 450: ...Intrusion Detection 27 4 Configuring IDS SCALANCE W1750D UI 450 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 470: ......
Страница 480: ......
Страница 496: ......
Страница 518: ...Hotspot Profiles 33 3 Sample Configuration SCALANCE W1750D UI 518 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 528: ......
Страница 552: ......
Страница 570: ...Appendix B 3 Glossary SCALANCE W1750D UI 570 Configuration Manual 02 2018 C79000 G8976 C451 02 ...