Dial-in using 802.1X and RADIUS

WLAN clients can use the 802.1X protocol for network registration. The access point can use this protocol to forward the registration to the RADIUS server. The MAC address is used for user identification.





The configuration is carried out with LANconfig under Wireless LAN > 802.1X > RADIUS servers.

Name
In this table, each RADIUS server needs a unique name. The name 'DEFAULT' is reserved for WLAN networks that use an authentication process in line with IEEE 802.1X and that have not specified their own RADIUS server. By using the name defined in the 'Key 1/passphrase' field, each WLAN network using authentication in line with IEEE 802.1X can be assigned its own RADIUS server.
Server address
Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS server used for central user management.
Server port
Specify here the port used for communication to your RADIUS server.
Attribute values
Here you can assign user-defined values to RADIUS attributes. The individual name-value pairs must have the form <Name>=<Value>, and they are separated by semicolons. <Name> identifies the RADIUS attribute by its name or number. The associated attribute names can be found in the corresponding RADIUS RFCs. Attribute names can be abbreviated as long as the identifiers are unequivocal. As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
  • NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or NAS-Port-Type).
  • NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications Service-Type=Framed and Service-Type=2 are identical. Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\). It is also possible to use a number of placeholders:
  • %n – replaced by the configured device name.
  • %e – replaced with the serial number of the device as displayed in the device system info.
  • %% – replaced by a single % character.
  • %{name} – replaced by the original value of the corresponding RADIUS attribute. Any new / re-definitions within this attribute list are ignored. The identifier can be truncated as long as it remains unique.
Secret
Specify here the key to be used for coding data. The key must also be configured on the RADIUS server.
Monitoring profile
Here you set a profile to be used to monitor the RADIUS server for accessibility. See also Availability monitoring for external RADIUS servers.
Backup server
Name of the backup server from the list of RADIUS servers configured so far.
Note: The generic values for retry and timeout must also be configured.
WLAN clients must be entered as follows on the RADIUS server: The user name is the MAC address in the format AABBCC-DDEEFF. The password for all users is identical to the key (shared secret) for the RADIUS server.
Source address
The device automatically determines the correct source IP address for the destination network. To use a fixed source IP address instead, enter it symbolically or directly here.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo