Network Router User Manual
Release 11.0 Release Notes and User Guide Supplement
Issue 1, March 2011 Page 14
5.1.2 Tested RADIUS Servers
The Canopy RADIUS implementation has been tested and is supported on
o FreeRADIUS, Version 2.1.8
o Aradial RADIUS, Version 5.1.12
Note, Aradial 5.3 has a bug that prevents “remote device login”, so doesn’t support
the user name and password management feature.
5.2 CONFIGURING AP AND SM FOR RADIUS SM AUTHENTICATION
Configuring Canopy for RADIUS authentication requires configuring both the AP and the SMs.
5.2.1 AP - Choosing Authentication Mode and Configuring for Authentication
Servers
On the AP’s Configuration > Security tab as shown in Figure 2: AP's Configuration > Security tab,
select the RADIUS AAA Authentication Mode. The following describes the other
Authentication Mode options for reference, and then the RADIUS AAA option.
Disabled
Requires no authentication. Any SM (except an SM that itself has been configured to require
RADIUS authentication by enabling Lock AAA as described below) will be allowed to register to
the AP.
Authentication Server (BAM)
Authentication Server in this instance refers to BAM. Authentication with BAM will be required for
an SM to register to the AP. Only SMs listed by MAC address in the BAM database will be
allowed to register to the AP.
When Authentication Server is selected, up to 5 Authentication Server (BAM) IP addresses
can be configured. The IP address(es) configured here must match the IP address(es) of the
BAM(s).
AP Pre-Shared Key
Canopy offers a pre-shared key authentication option. In this case, an identical key must be
entered in the Authentication Key field on the AP’s Configuration > Security tab and in the
Authentication Key field on each desired SM’s Configuration > Security tab.
RADIUS AAA
To support RADIUS authentication of SMs, on the AP’s Configuration > Security tab select
RADIUS AAA. Only properly configured SMs with a valid certificate will be allowed to register to
the AP.