Radius Configuration; Operation Of Device Authentication; Operation Of User Authentication - GE MDS iNET Series Reference Manual

Wireless ip/ethernet transceiver

Hide thumbs Also See for MDS iNET Series:

Setup manual (4 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

Table of Contents

2.7.3 RADIUS Configuration

This section covers the authentication settings needed for the iNET radios to access the RADIUS server,

which is used for Device Level Security and for Wireless Access Security. GE MDS does not provide the

RADIUS server software.

Operation of Device Authentication

Device authentication forces the radio to authenticate before allowing user traffic to traverse the wireless

network. When

Device Security

radios need three types of certificates: public (client), private, and root (Certificate Authority). These files

are unique to each Remote radio and need to first be created at the server and then installed into each unit

via TFTP. The certificate files must be in DER format.

Device authentication uses the serial number of each radio as the Common Name (CN) in its certificate and

in its RADIUS identity field. Each Access Point and Remote radio must be identified/recognized by the

RADIUS Server through the Common Name (Serial number) and IP address entries.

NOTE:

Consult your RADIUS network administrator for assistance in configuration, or for help with

other issues that may arise.

To activate device authentication, select

behavior of this setting differs depending on whether it is implemented on an Access Point or a Remote

transceiver. An explanation of these behaviors is given below:

Access Point: When

Device Auth Method

and waits for the RADIUS Server to Authenticate the Remotes before allowing data to be passed from them.

When approval is received from the RADIUS Server, data from the Remote is allowed to pass.

Remote: When

Device Auth Method

Authentication from the RADIUS Server. If accepted, data is allowed to be transmitted. The Access Point

that the Remote connects to must have a valid RADIUS configuration and connection to the configured

RADIUS server.

Operation of User Authentication

When user authentication is set to

being allowed to manage the radio. In

mode the user name is

Local

When set to

, all logins to the local configuration services are required to be authenticated via the

RADIUS

RADIUS Server, including telnet and SSH (Secure Shell) sessions. Authentication must be accepted before

access to the radio menu is granted.

05-2806A01, Rev. L

is configured to use IEEE 802.1X as the authentication method, Remote

Device Auth Method

is set to

IEEE 802.1X

is set to

, the Remote halts any data it is passing, and requests

IEEE 802.1X

, you must enter a valid user name and password before

Local

RADIUS

mode both of these fields may be up to 40 characters long.

RADIUS

and the password may be up to 8 characters long.

iNET

MDS iNET Series Reference Manual

and set

as the active mode. The

IEEE 802.1X

, the AP disassociates all associated Remotes

Table of Contents

Troubleshooting

This manual is also suitable for:

Mds inet-ii 900 Mds inet 900

Radius Configuration; Operation Of Device Authentication; Operation Of User Authentication - GE MDS iNET Series Reference Manual

2.7.3 RADIUS Configuration

Operation of Device Authentication

Operation of User Authentication

Troubleshooting

Related Manuals for GE MDS iNET Series

Related Content for GE MDS iNET Series

This manual is also suitable for:

Table of Contents