Configuring Global RADIUS Server Settings on the WAP131 and WAP351

Objective

A RADIUS (Remote Authentication Dial In User Service) Server is a network server that other network devices contact in order to authenticate user information. Several features require communication with a RADIUS server. For example, when you configure Virtual Access Points (VAPs) on the WAP device, you can configure security methods that control wireless client access. The Dynamic WEP and WPA Enterprise security methods use an external RADIUS server to authenticate the clients. The MAC address filtering feature, where the client access is restricted to a list, can also be configured to use a RADIUS server to control access. The Captive Portal feature also uses RADIUS to authenticate the clients.

The Global RADIUS Server Settings allow you to configure communication between the WAP and the RADIUS Servers. You can configure up to four globally available IPv4 or IPv6 RADIUS servers. One of the servers always acts as the primary server while the others act as the backup servers.

Note: In addition to using the global RADIUS servers, you can also configure certain functions of the WAP to use separate, individual RADIUS Server settings.

The objective of this document is to explain how to configure global RADIUS Server settings on the WAP131 and WAP351 access points.

Applicable Devices

• WAP131

• WAP351

Software Version

• v1.0.0.39

Configuring RADIUS Server Settings

Step 1. Log in to the web configuration utility and choose System Security > RADIUS Server. The RADIUS Server page opens:

Step 2. In the Server IP Address Type field, select the radio button for the IP version that the RADIUS server uses. The available options are IPv4 and IPv6.

The options are defined as:

• IPv4 — IPv4 (Internet Protocol version 4) is an important internet routing protocol that uses 32-bit addresses.

• IPv6 — IPv6 (Internet Protocol version 6) is the successor of IPv4 designed to combat IPv4 address exhaustion. It uses 128-bit addresses.

Note: You can toggle between the address types to configure IPv4 and IPv6 global RADIUS address settings, but the WAP device contacts only the RADIUS server or servers with the address type that you select in this field. For example, you can’t have a primary IPv4 server with IPv6 backups, or vice-versa.

Step 3. In the Server IP Address field, or Server IPv6 Address field, enter either an IPv4 or IPv6 address for the global RADIUS server depending on the address type you chose in Step 2.

Note: Addresses entered in first entry correspond to your primary global RADIUS server. Addresses entered in subsequent entries correspond to backup RADIUS servers that will be tried in sequence if authentication fails with the primary server.

Step 4. In the Key field, enter the shared secret key corresponding to your RADIUS server(s) that the WAP device uses to authenticate to the RADIUS server. You can use from 1 to 64 standard alphanumeric and special characters.

Note: The keys are case sensitive and must match the key configured on the RADIUS server.

Step 5. In the Authentication Port field, enter the port that the WAP uses to connect to the corresponding RADIUS server(s).

Note: Repeat Steps 3-5 for every secondary RADIUS server in your network that you want the WAP to communicate with.

Step 6. Check the Enable RADIUS Accounting check box to enable tracking and measuring of the resources a user has consumed (system time, amount of data transmitted, etc.). Checking this check box will enable RADIUS accounting for the primary and backup servers.

Step 7. Click Save.