Network Router User Manual

Release 11.0 Release Notes and User Guide Supplement
Issue 1, March 2011
5.6 CONFIGURING AP AND SM FOR CENTRALIZED AP AND SM USER NAME AND PASSWORD MANAGEMENT
5.6.1 AP Technician/Installer/Administrator Authentication
To control technician, installer, and administrator access to the AP from a centralized RADIUS
server:
1. Set Authentication Mode on the AP’s Configuration > Security tab to RADIUS
AAA as shown in Figure 5: AP's Account > User Authentication tab.
2. Set User Authentication Mode on the AP’s Account > User Authentication tab
(the tab only appears after the AP is set to RADIUS authentication) to Remote or
Remote then Local.
   Local: The local SM is checked for accounts. No centralized RADIUS
   accounting (access control) is performed.

   Remote: Authentication by the centralized RADIUS server is required
   to gain access to the SM if the SM is registered to an AP that has
   RADIUS AAA Authentication Mode selected. For up to 2 minutes a
   test pattern will be displayed until the server responds or times out.

   Remote then Local: Authentication using the centralized RADIUS
   server is attempted. If the server sends a reject message, then the
   setting of Allow Local Login after Reject from AAA determines if the
   local user database is checked or not. If the configured servers do not
   respond within 2 minutes, then the local user database is used. The
   successful login method is displayed in the navigation column of the
   SM.

Either the same RADIUS server used for SM authentication and authorization can be used for
user authentication and accounting (access control), or a separate RADIUS accounting server
can be used. Indicate your network design under User Authentication Server.
If separate accounting server(s) are used, configure the IP address(es) and Shared Secret(s) in
the Accounting Server fields. The default Shared Secret is “CanopyAcctSecret”. Up to 3
servers can be used for redundancy. Servers 2 and 3 are meant for backup and reliability, not
splitting the database. If Server 1 doesn’t respond, Server 2 is tried, and then Server 3. If Server 1
rejects authentication, Server 2 is not tried.
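
The login decision described above (the three User Authentication Mode settings, server failover, and the local fallback), modelled as an added example; this is not code from the product or the manual. The function names, the `Reply` type and the sample inputs are hypothetical, and treating a timeout in Remote mode as a denied login is an assumption drawn from the word "required".

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    TIMEOUT = "timeout"  # no response inside the 2-minute window

DEFAULT_SECRET = "CanopyAcctSecret"  # default Shared Secret quoted in the text

def query_servers(replies):
    """Walk up to 3 servers in order. Only a non-response moves on to the
    next server; the first ACCEPT or REJECT received is final."""
    for index, reply in enumerate(replies[:3], start=1):
        if reply is not Reply.TIMEOUT:
            return reply, index
    return Reply.TIMEOUT, None

def login(mode, replies, local_ok, allow_local_after_reject=False):
    """Return (granted, method) for one login attempt.

    mode     -- "Local", "Remote" or "Remote then Local"
    replies  -- constructed per-server outcomes, Server 1 first
    local_ok -- whether the credentials match the local user database
    """
    if mode == "Local":
        return local_ok, "local"
    result, index = query_servers(replies)
    if result is Reply.ACCEPT:
        return True, f"remote (Server {index})"
    if mode == "Remote":
        # Assumption: with no accept from RADIUS, Remote mode denies access.
        return False, "remote"
    # Remote then Local: a reject is final unless the Allow Local Login
    # after Reject from AAA setting is enabled; a timeout always falls back.
    if result is Reply.REJECT and not allow_local_after_reject:
        return False, f"remote (Server {index})"
    return local_ok, "local"

def secrets_left_at_default(secrets):
    """Return 1-based positions of servers still using the default secret."""
    return [i for i, s in enumerate(secrets, start=1) if s == DEFAULT_SECRET]
```

In Remote then Local mode a valid local account still logs in whenever every server times out, and also after a central reject if Allow Local Login after Reject from AAA is enabled, so local accounts need the same review as the RADIUS ones.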