HP (Hewlett-Packard) MSM7XX Switch User Manual


 
Authentication services
Using a third-party RADIUS server
The service controller can use one or more RADIUS servers to perform a number of
authentication and configuration tasks, including the tasks shown in the table below.
Task | For more information see
Validating administrative user credentials | Administrative user authentication on page 4-4.
Validating user credentials for 802.1X, MAC, and HTML authentication types | Wireless protection on page 2-13. HTML-based user logins on page 2-17. MAC-based authentication on page 2-18.
Storing custom configuration settings for the public access interface | Chapter 9: Working with public access attributes.
Storing custom configuration settings for each user
Storing accounting information for each user
Configuring a RADIUS server profile on the service controller
The service controller enables you to define a maximum of 16 RADIUS profiles. Each profile
defines the settings for a RADIUS client connection. To support a client connection, you must
create a client account on the RADIUS server. The settings for this account must match the
profile settings you define on the service controller.
For backup redundancy, each profile supports a primary and secondary server.
The service controller can function with any RADIUS server that supports RFC 2865 and RFC
2866. Supported authentication types include EAP-MD5, CHAP, MSCHAP v1/v2, PAP, EAP-TLS,
EAP-TTLS, EAP-PEAP, EAP-SIM, EAP-AKA, EAP-FAST, and EAP-GTC.
Caution: To safeguard the integrity of the RADIUS traffic, it is important that you protect
communications between the service controller and the RADIUS server. The service
controller lets you use PPTP or IPSec to create a secure tunnel to the RADIUS server. For
complete instructions on how to accomplish this, see Securing wireless client sessions with
VPNs on page 12-3.
Note: If you change a RADIUS profile to connect to a different server while users are active, all
RADIUS traffic for active user sessions is immediately sent to the new server.
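
The Caution above matters because RFC 2865 itself protects very little of an Access-Request. This added example (not from the HP manual) builds a PAP request and then parses it without the shared secret: User-Name and NAS-IP-Address are readable as sent, and only User-Password is hidden, with an MD5 pad derived from the shared secret. The user name, password, address and secret are constructed sample values.

```python
import hashlib
import struct

ACCESS_REQUEST = 1                                  # RFC 2865 packet code
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4  # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(1, -(-len(password) // 16)) * 16     # pad with NULs to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, nas_ip, secret, authenticator, ident=1):
    body = (attribute(USER_NAME, user)
            + attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
            + attribute(NAS_IP_ADDRESS, bytes(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def parse_without_secret(packet: bytes) -> dict:
    """Return what a reader of the packet sees when it does not hold the shared secret."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return {"code": code, "id": ident, "attrs": attrs}

if __name__ == "__main__":
    # Constructed sample values (documentation address, made-up user and secret).
    pkt = build_access_request(b"alice", b"s3cret", (192, 0, 2, 10),
                               b"constructed-secret", bytes(range(16)))
    for attr_type, value in parse_without_secret(pkt)["attrs"].items():
        print(attr_type, value)
```

The password's confidentiality rests entirely on the shared secret and MD5, and the other attributes have none, which is why the manual directs you to carry this traffic inside a tunnel.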