RADIUS / RADIUS as authenticator or network access server (NAS)
Parent topic: RADIUS as authenticator or network access server (NAS)

Dial-in using WLAN and RADIUS

When using a RADIUS server for the authentication of WLAN clients, the RADIUS server uses the MAC address to check client authorizations.





Note: To use the RADIUS functionality for WLAN clients, go to the LEPS-MAC section and select the option Transfer data from the listed stations, authenticate all other data via RADIUS or filter it out.

The configuration is carried out with LANconfig under Wireless LAN > Stations/LEPS. The RADIUS server settings located there specify how the RADIUS server can be reached. Under RADIUS backup server settings the backup server is configured in the same way.





Server address
Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS server used for central user management.
Server port
Specify here the port used for communication to your RADIUS server (default: 1,812).
Attribute values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication and accounting). The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding value in the following form: <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2> As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark in a value requires a leading backslash (\"), as does the backslash itself (\\). The following variables are permitted as values:
%n
Device name
%e
Serial number of the device
%%
Percent sign
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Secret
Specify here the key to be used for coding data. The key must also be configured on the RADIUS server.
Backup server address
Enter the IP address (IPv4, IPv6) or the hostname of the backup RADIUS server used for central user management.
Backup server port
Specify here the port used for communication to your backup RADIUS server (default: 1,812).
Source address
The device automatically determines the correct source IP address for the destination network. To use a fixed source IP address instead, enter it symbolically or directly here.
Parent topic: RADIUS as authenticator or network access server (NAS)

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo