RADIUS / RADIUS as authenticator or network access server (NAS)
Parent topic: RADIUS as authenticator or network access server (NAS)

Dial-in using a public spot and RADIUS

When configuring a Public Spot (enable using software option for the access points, also see Public Spot), user registration data can be forwarded to one or more RADIUS servers. These are configured in the provider list. The registration data individual RADIUS servers require from the clients is not important to the access point since this data is passed on transparently to the RADIUS server.





The configuration is performed in LANconfig under Public Spot > Users > Users and RADIUS servers > RADIUS server.

Name
Name of the provider for whom the RADIUS server is defined.
Backup provider
The name of a different provider can be selected as the backup from the current table. Using these types of entries, backup chains linking several RADIUS servers can be easily configured.
Important: The generic values for retry and timeout must also be configured.
Authentication server
Auth. server address
Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS server for this provider.
Auth. server port
The port over which the access point can communicate with the RADIUS server for this provider.
Auth. server attribute values
Here you can assign user-defined values to RADIUS attributes. The individual name-value pairs must have the form <Name>=<Value>, and they are separated by semicolons. <Name> identifies the RADIUS attribute by its name or number. The associated attribute names can be found in the corresponding RADIUS RFCs. Attribute names can be abbreviated as long as the identifiers are unequivocal. As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark in a value requires a leading backslash (\"), as does the backslash itself (\\). It is also possible to use a number of placeholders:
  • %n – replaced by the configured device name.
  • %e – replaced with the serial number of the device as displayed in the device system info.
  • %% – replaced by a single % character.
  • %{name} – replaced by the original value of the corresponding RADIUS attribute. Any new / re-definitions within this attribute list are ignored. The identifier can be truncated as long as it remains unique.
Auth. server secret
Key (shared secret) for access to the RADIUS server of the provider. The key must also be configured on the appropriate RADIUS server.
Source address
The device automatically determines the correct source IP address for the destination network. To use a fixed source IP address instead, enter it symbolically or directly here.
Accounting server
Acc. server address
Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS accounting server for accessing the Public Spot.
Acc. server port
The port used by the access point to communicate with the accounting server.
Acc. attribute values
Here you can assign user-defined values to RADIUS attributes. The individual name-value pairs must have the form <Name>=<Value>, and they are separated by semicolons. <Name> identifies the RADIUS attribute by its name or number. The associated attribute names can be found in the corresponding RADIUS RFCs. Attribute names can be abbreviated as long as the identifiers are unequivocal. As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark in a value requires a leading backslash (\"), as does the backslash itself (\\). It is also possible to use a number of placeholders:
  • %n – replaced by the configured device name.
  • %e – replaced with the serial number of the device as displayed in the device system info.
  • %% – replaced by a single % character.
  • %{name} – replaced by the original value of the corresponding RADIUS attribute. Any new / re-definitions within this attribute list are ignored. The identifier can be truncated as long as it remains unique.
Acc server secret
Key (shared secret) for access to the accounting server. The key must also be configured on the accounting server.
Source address
The device automatically determines the correct source IP address for the destination network. To use a fixed source IP address instead, enter it symbolically or directly here.
Parent topic: RADIUS as authenticator or network access server (NAS)

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo