Filter
Top Products
AT-WA7500 and AT-WA7501 Installation and User’s Guide
173
802.11b radio is configured with no security and you expect it to associate
with the secondary 1 service set. However, when the end device receives
the beacon from the access point that indicates that some type of security
is being used, the end device does not communicate with the access
point.
Another important consideration is that the service set that allows wireless
hops should have the strongest security configuration possible for your
environment. Do not enable wireless hops on the ports that have no
security. WAPs configured on the other service sets will hear the
unencrypted hellos on the wireless hop port and those WAPs will attach to
the spanning tree, even though they should not.
When You
Include Multiple
RADIUS Servers
on the RADIUS
Server List
You can use multiple RADIUS servers to act as password servers, to
support ACLs, to use in an 802.1x security solution as authentication
servers, and to use in an WPA/802.1x security solution as authentication
servers. If you don't configure the server port map, the access point uses
the first RADIUS server (Server 1) in the list as the main server. Other
servers are simply backup servers.
If the first RADIUS server responds and the client’s information does
not appear in that server’s database, the client is blocked. The access
point does not check the databases on any other RADIUS servers.
If the first RADIUS server goes down during the operation and a
RADIUS server lookup needs to occur, the authenticator access point
will time out looking for the first server. Then, the access point looks for
the next server in the list. If the authenticator access point finds the
next server, it stays with that server forever, even if the first server
comes back. If the backup server goes down, the authenticator access
point continues looking down the list and eventually wraps around to
the first server again.
However, you can configure the server port map so that the access point
uses different RADIUS servers to serve different ports.
To configure the server port map
From the main menu, click Security > RADIUS Server List > Server
Port Map. The Server Port Map screen appears with the IP Address/
DNS Name column populated with the RADIUS servers that you
configured in the Server Selection screen.
For example, you can select one RADIUS server to service parent access
points authenticating child access points using IAPP authentication by
checking the check box in the IAPP Authentication column. Then, you can
select another RADIUS server to service access points authenticating end
devices by checking the check box for the appropriate service set.