beautypg.com

1 radius client configuration, 2 radius proxy server configuration – Motorola Series Switch WS5100 User Manual

Page 290

background image

6-66 WS5100 Series Switch System Reference Guide

6.9.3.1 Radius Client Configuration

A Radius client implements a client/server mechanism enabling the switch to communicate with a central
server to authenticate users and authorize their access to the switch managed network. A Radius client is
often an embedded device since it alleviates the need to store detailed user information locally.

To configure Radius client support:

1. Select

Security

>

Radius Server

from the main menu.

2. Ensure the

Configuration

tab is selected.

3. Select the

Clients

tab from the bottom portion of the Configuration tab.

The Clients tab displays the IP address and subnet mask of the switch’s existing Radius clients.

4. To edit an existing Radius client configuration, select it from the table and click the

Edit

button.

The Edit screen displays the Radius client’s existing IP address, subnet mask and shared secret password
used for credential verification. Modify these settings as required.

5. To remove an existing Radius client configuration from the table of configurations available to the switch,

select the configuration and click the

Delete

button.

6. To create a new Radius client configuration, click the

Add

button at the bottom of the screen.

a. Specify the

IP Address/Mask

of the subnet or host authenticating with the Radius client.

b. Specify a Radius

Shared Secret

for authenticating the RADIUS client.

Shared secrets are used to verify Radius messages (with the exception of the Access-Request
message) are sent by a Radius -enabled device configured with the same shared secret. The shared
secret is a case-sensitive string that can include letters, numbers, or symbols. Make the shared
secret at least 22 characters long to protect the Radius server from brute-force attacks. The max
length of the shared secret is 31 characters.

c. Refer to the

Status

field for the current state of the requests made from applet. This field displays

error messages if something goes wrong in the transaction between the applet and the switch.

d. Click

OK

to use the changes to the running configuration and close the dialog.

e. Click

Cancel

to close the dialog without committing updates to the running configuration

6.9.3.2 Radius Proxy Server Configuration

The switch can be configured to send Radius requests to a proxy radius server. A user's access request is
sent to a proxy server if it cannot be authenticated by a local server. The proxy server forwards the access
request to a proxy server that can authenticate the user. The proxy server checks the information in the user
access request and either accepts or rejects the request. If the proxy target server accepts the request, it
returns configuration information specifying the type of connection service required to authenticate the user.