Specifications

ManualsBrandsADTRAN ManualsComputer equipmentBlueSecure Controller

121

122

123

124

125

126

127

128

129

130

The BSC Internal 802.1x Authentication Server

BlueSecure™ Controller Setup and Administration Guide 6-21

or TTLS Protocol and pass the inner authentication protocol on to an external RADIUS

server or the BSC’s own local user database for user authentication.

To configure the BSC’s Internal 802.1x Authentication Server:

Edit the Local

802.1X

Authentication

server page

1. Click the User authentication tab in the BSC administrator console.

2. Click the Internal 802.1x Authentication tab on the Users page.The Edit the Local

802.1X Authentication server page appears as shown in Figure 6-8.

Local 802.1X

Authentication

server settings

1. Enable server: The Enable checkbox is marked by default to make the server

available for user authentication.

2. Port: Enter the Port number on which the BSC will listen for 802.1x requests from APs.

)

Note: Your access points must be configured with the BSC as their RADIUS server

and send requests on the same port number that you enter here.

3. AP Shared Secret: Enter the Shared Secret the AP uses to send 802.1x requests.

4. Confirm: Re-enter the Shared Secret.

External RADIUS

Server Settings

Optional. Complete this step only if you are going to pass the inner authentication

protocols to an External RADIUS Server for authentication.

1. Enter the RADIUS address (IP) of the RADIUS server. If the field is blank, the protected

IP address of the BSC is assumed for Internal 802.1x configuration.

2. Enter the External RADIUS Server Port number to which to send authentications

requests in the Port field.

3. Enter the Shared Secret the External RADIUS Server uses for communication in the

Shared Secret field. Re-enter the Shared secret in the Confirm field.

Backup RADIUS

Server Settings

Optional. Enter Backup RADIUS Server Settings only if you have configured an External

RADIUS Server for authentication in the previous step and you have a backup RADIUS

server to which you are going to pass the inner authentication protocols should the

primary RADIUS server fail or otherwise lose communications with the BSC.

1. Enter the IP address of the RADIUS server in the RADIUS address field. If blank, the

protected IP address of the BSC is assumed for Internal 802.1x configuration.

2. Enter the External RADIUS Server Port number to which to send authentications

requests in the Port field.

3. Enter the Shared Secret the External RADIUS Server uses for communication in the

Shared Secret field. Re-enter the Shared secret in the Confirm field.

LDAP Settings Optional. In most cases, using 802.1x authentication requires a RADIUS server (e.g.

Cisco ACS, Funk, Microsoft Active Directory with IAS). However, if your organization has

LDAP authentication deployed and does not wish to alter it’s authentication methodology,

select the Authenticate Against Local Users radio button to indicate that 802.1x

Authentication should be performed against an LDAP database. Selecting this radio

button also requires that you specify LDAP settings:

1. Check the Use LDAP instead of BSC Local DB checkbox.

2. Select the LDAP server to authenticate against from the drop-down, or select Create to

go to the New LDAP/Active Directory server page.

3. Enter the LDAP Password Attribute Name.To authenticate against an LDAP server, the

Bluesocket Controller relies on a readable attribute containing the MD4 hash of the

user’s password; it will not authenticate if the LDAP server stores the user password in

clear text. Several LDAP servers, such as OpenLDAP, support such an attribute by

default (OpenLDAP uses the ntpassword attribute).