WLAN clients can use the 802.1X protocol for network registration. The access point can use this protocol to forward the registration to the RADIUS server. The MAC address is used for user identification.
The configuration is carried out with LANconfig under
.- Name
- In this table, each RADIUS server needs a unique name. The name 'DEFAULT' is reserved for WLAN networks that use an authentication process in line with IEEE 802.1X and that have not specified their own RADIUS server. By using the name defined in the 'Key 1/passphrase' field, each WLAN network using authentication in line with IEEE 802.1X can be assigned its own RADIUS server.
- Server address
- Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS server used for central user management.
- Server port
- Specify here the port used for communication to your RADIUS server.
- Attribute values
-
Here you can assign user-defined values to RADIUS attributes. The individual name-value pairs must have the form <Name>=<Value>, and they are separated by semicolons.
<Name> identifies the RADIUS attribute by its name or number. The associated attribute names can be found in the corresponding RADIUS RFCs. Attribute names can be abbreviated as long as the identifiers are unequivocal.
As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
- NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
- NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
- %n – replaced by the configured device name.
- %e – replaced with the serial number of the device as displayed in the device system info.
- %% – replaced by a single % character.
- %{name} – replaced by the original value of the corresponding RADIUS attribute. Any new / re-definitions within this attribute list are ignored. The identifier can be truncated as long as it remains unique.
- Secret
- Specify here the key to be used for coding data. The key must also be configured on the RADIUS server.
- Monitoring profile
- Here you set a profile to be used to monitor the RADIUS server for accessibility. See also Availability monitoring for external RADIUS servers.
- Backup server
- Name of the backup server from the list of RADIUS servers configured so far.
Note: The generic values for retry and timeout must also be configured.WLAN clients must be entered as follows on the RADIUS server: The user name is the MAC address in the format AABBCC-DDEEFF. The password for all users is identical to the key (shared secret) for the RADIUS server.
- Source address
- The device automatically determines the correct source IP address for the destination network. To use a fixed source IP address instead, enter it symbolically or directly here.