beautypg.com

5 configuring radius users, 5 configuring radius users -69, Configuring radius users – Motorola Series Switch WS5100 User Manual

Page 293

background image

Switch Security

6-69

4. Refer to the

LDAP Server Details

field to define the attributes of the primary and secondary Radius

LDAP servers providing access to external databes to be used with local Radius servers.

5. Click the

Apply

button to save the changes made to within the screen.

6. Click the

Revert

button to cancel any changes made within the screen and revert back to the last saved

configuration.

6.9.5 Configuring Radius Users

Refer to the

Users

tab to view the current set of users and assigned groups for the Radius server. The Users

tab is used when

Local

is selected as the Auth Data Source within the

Authentication & Accounting

tab.

The user information is ignored if an LDAP server is used for user authentication.

Cert Trustpoint

Click the

View/Change

button to specify the trustpoint from which the Radius server

automatically grants certificate enrollment requests. A trustpoint is a representation of a CA
or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration

parameters, and an association with one enrolled identity certificate. If the server certificate
trustpoint is not used, the default trustpoint will be used instead.

CA Cert Trustpoint

Click the View/Change button to specify the CA certificate trustpoint from which the Radius
server automatically grants certificate enrollment requests. A trustpoint is a representation
of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration
parameters, and an association with one enrolled identity certificate.

If a CA trustpoint is not specified, the "default trustpoint's CA certificate is used as a ca
certificate. If the "Default trustpoint" does not have a CA certificate, the server certificate
itself will be used as the CA certificate.

NOTE: EAP-TLS will not work with a default trustpoint, proper CA and Server trustpoints
must be configured for EAP-TLS.For information on configuring certificates for use with
the switch, see

Creating Server Certificates on page 6-74

.

IP Address

Enter the IP address of the external LDAP server acting as the data source for the Radius
server. This server must be accessible from an active subnet on the switch.

Port

Enter the TCP/IP port number for the LDAP server acting as the data source.

Password Attribute

Enter the password attribute used by the LDAP server for authentication.

Bind DN

Specify the distinguished name to bind with the LDAP server.

Bind Password

Enter a valid password for the LDAP server.

Base DN

Specify a distinguished name that establishes the base object for the search. The base
object is the point in the LDAP tree at which to start searching.

User Login Filter

Enter the login used by the LDAP server for authentication.

Group Filter

Specify the group filters used by your LDAP server.

Group Membership
Attribute

Specify the Group Member Attribute to be sent to the LDAP server when authenticating the
users.

Group Attribute

Specify the group attribute used by the LDAP server.

Net Timeout

Enter a timeout value the system uses to terminate the connection to the Radius Server if no
activity is detected.