1 radius client configuration, 2 radius proxy server configuration – Motorola Series Switch WS5100 User Manual
Page 290
6-66 WS5100 Series Switch System Reference Guide
6.9.3.1 Radius Client Configuration
A Radius client implements a client/server mechanism enabling the switch to communicate with a central
server to authenticate users and authorize their access to the switch managed network. A Radius client is
often an embedded device since it alleviates the need to store detailed user information locally.
To configure Radius client support:
1. Select
Security
>
Radius Server
from the main menu.
2. Ensure the
Configuration
tab is selected.
3. Select the
Clients
tab from the bottom portion of the Configuration tab.
The Clients tab displays the IP address and subnet mask of the switch’s existing Radius clients.
4. To edit an existing Radius client configuration, select it from the table and click the
Edit
button.
The Edit screen displays the Radius client’s existing IP address, subnet mask and shared secret password
used for credential verification. Modify these settings as required.
5. To remove an existing Radius client configuration from the table of configurations available to the switch,
select the configuration and click the
Delete
button.
6. To create a new Radius client configuration, click the
Add
button at the bottom of the screen.
a. Specify the
IP Address/Mask
of the subnet or host authenticating with the Radius client.
b. Specify a Radius
Shared Secret
for authenticating the RADIUS client.
Shared secrets are used to verify Radius messages (with the exception of the Access-Request
message) are sent by a Radius -enabled device configured with the same shared secret. The shared
secret is a case-sensitive string that can include letters, numbers, or symbols. Make the shared
secret at least 22 characters long to protect the Radius server from brute-force attacks. The max
length of the shared secret is 31 characters.
c. Refer to the
Status
field for the current state of the requests made from applet. This field displays
error messages if something goes wrong in the transaction between the applet and the switch.
d. Click
OK
to use the changes to the running configuration and close the dialog.
e. Click
Cancel
to close the dialog without committing updates to the running configuration
6.9.3.2 Radius Proxy Server Configuration
The switch can be configured to send Radius requests to a proxy radius server. A user's access request is
sent to a proxy server if it cannot be authenticated by a local server. The proxy server forwards the access
request to a proxy server that can authenticate the user. The proxy server checks the information in the user
access request and either accepts or rejects the request. If the proxy target server accepts the request, it
returns configuration information specifying the type of connection service required to authenticate the user.