Motorola Series Switch WS5100 User Manual
Page 333
Switch Management
7-25
7. Select a Radius server from the table and click the
Edit
button to modify how the authentication method
is used. For more information, see
Modifying the Properties of an Existing Radius Server on page 7-25
8. Highlight a Radius Server from those listed and click the
Delete
button to remove the server from the list
of available servers.
9. Click the
Add
button at the bottom of the screen to display a sub-screen used to add a Radius Server to
the list of servers available to the switch. For more information, see
Adding a New Radius Server on page 7-26
.
7.6.2.1 Modifying the Properties of an Existing Radius Server
Some of the attributes of an existing Radius Server can be modified by the WS5100 to better reflect the
Radius Server’s existing connection with the switch.
To modify the attributes of an existing Radius Server:
1. Select
Management Access
>
Users
from the main menu tree.
The Users screen displays.
2. Click on the
Authentication
tab.
3. Select an existing Radius Server from those listed and click the
Edit
button at the bottom of the screen.
4. Modify the following Radius Server attributes as necessary:
Shared Secret
Displays the shared secret used to verify Radius messages (with the exception of the Access-
Request message) are sent by a Radius-enabled device configured with the same shared
secret. The shared secret is a case-sensitive string that can include letters, numbers, or
symbols. Ensure the shared secret is at least 22 characters long to protect the Radius server
from brute-force attacks.
Retries
Displays the maximum number of times for the switch to retransmit a Radius Server frame
before it times out the authentication session.
Timeout
Displays the maximum time (in seconds) the switch waits for the Radius Server’s
acknowledgment of authentication request packets before the switch times out of the
session.
Radius Server Index
Revise the numerical
Index
value for the Radius Server to help distinguish this Radius Server
from other servers with a similar configuration (if necessary). The maximum number that can
be assigned is 32.
Radius Server IP
Address
Modify the IP address of the external Radius server (if necessary). Ensure this address is a
valid IP address and not a DNS name.
Radius Server Port
Change the TCP/IP port number for the Radius Server (if necessary). The port range available
for assignment is from 1 - 65535.
Number of retries to
communicate with
Radius Server
Revise (if necessary) the maximum number of times for the switch to retransmit a Radius
Server frame before it times out the authentication session. The available range is between
0 - 100.
Time to wait for
Radius Server to reply
Revise (if necessary) the maximum time (in seconds) the switch waits for the Radius Server’s
acknowledgment of authentication request packets before the switch times out of the
session. The configurable range is between 1 - 1000 seconds.
Encryption key shared
with Radius Server
Enter the encryption key the switch and Radius Server share and must validate before the user
based authentication provided by the Radius Server can be initiated.