Nokia A032 Network Router User Manual


 
Nokia A032 Addendum
The authentication procedure is initiated by the station, which sends an Authentication Req MAC frame to the AP. The AP builds a Radius Access-Request containing a Radius user-name and user-password derived as follows:

The user-name is either the MAC address of the station expressed as a 12-character hexadecimal string or the unit name if this has been supplied by the station.

The A040 adapter sends its unit name as a vendor-specific IEEE 802.11 information element in the Authentication Req message.

The user-password is generated from a password, a shared secret and a random Request Authenticator included in the Radius packet (see RFC 2138 section 5.2 for the password generation algorithm) using the MD5 hashing function. The password and shared secret are defined via the ‘set shared_secret’ command on the AP CLI. Note that the password, being a value entered into the AP configuration, is the same for all stations.

Using its copy of the shared secret and password, the Radius server can check that the user-password supplied is valid. The password for all the MAC-address entries in the Radius server configuration should be set to the same value as was entered on the APs. Also, the password and shared secret must be the same in all the APs using the Radius server.
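
The user-password derivation and the server-side comparison described here, written out as an added example (not code from the manual or from Nokia). The secret, password, MAC address and the lower-case form of the user-name are constructed values and assumptions; the hiding routine follows RFC 2138 section 5.2.

```python
import hashlib
import hmac

# Constructed sample values; on the AP these come from 'set shared_secret'.
SECRET = b"ap-shared-secret"
PASSWORD = b"all-stations-pw"          # one password for every station
ENTRIES = {"00e00304abcd": PASSWORD}   # Radius server entry keyed by MAC user-name

def mac_user_name(mac: str) -> str:
    """Station MAC as a 12-character hex string (lower case is an assumption)."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("expected a 48-bit MAC address")
    return digits

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2138 section 5.2: XOR 16-byte blocks with a chained MD5 pad."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()   # b1 = MD5(S + RA), then MD5(S + c(i-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def server_accepts(user_name, supplied, request_auth, entries, secret) -> bool:
    """Look up the station entry, recompute the user-password, compare."""
    password = entries.get(user_name)
    if password is None:
        return False                                # unknown station
    own = hide_password(password, secret, request_auth)
    return hmac.compare_digest(own, supplied)

if __name__ == "__main__":
    ra = bytes(range(16))                           # constructed; random per request in practice
    name = mac_user_name("00:E0:03:04:AB:CD")
    good = hide_password(PASSWORD, SECRET, ra)
    stale = hide_password(PASSWORD, b"old-secret", ra)   # AP left with a different secret
    print(name, server_accepts(name, good, ra, ENTRIES, SECRET))
    print(name, server_accepts(name, stale, ra, ENTRIES, SECRET))
```

Because the password is the same for all stations, the comparison shows that the sending AP holds the shared secret and password; the only per-station input is the user-name taken from the station's Authentication Req frame.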

When the Radius server receives the Access-Request, it takes the user-name and looks up the entry for the station. It then recalculates its own copy of the user-password and, if the supplied user-password and its own match, it builds an Access-Accept message to send back to