MSM7xx Controllers Configuration Guide v6.4.0
Server authentication support
Select the authentication protocols that the internal RADIUS server will support:
• PAP: This protocol must be enabled if any VSCs are configured to use MAC-based
authentication or HTML authentication.
• EAP-TTLS
• EAP-PEAP
• EAP-TLS
RADIUS authorization
NOTE: Applies to autonomous and third-party APs. Requests from controlled APs are always
accepted because they use the management tunnel.
Enable this option to restrict access to the RADIUS server. The RADIUS server will only respond to
requests from RADIUS clients that appear in the list, or that match the default shared secret, as
described below.
IP address
Specify the IP address of the RADIUS client. Specify the IP address of a single RADIUS client
or the address of a subnet from which client will originate.
Mask
Specify the network mask for the IP address.
• If you are adding the IP address for a single RADIUS client, then use the mask
255.255.255.255.
• If you are adding the IP address for a subnet, then specify the mask appropriate for the
subnet. For example, 255.255.255.0 for a Class-C subnet.
Shared secret
Specify the secret (password) that RADIUS client must use to communicate with the RADIUS
server.
Default shared secret
NOTE: Applies to autonomous APs only. Requests from controlled APs are always accepted
because they use the management tunnel.
Enable this option to set a shared secret to safeguard communications between the internal RADIUS
server and clients not in the RADIUS authorization list.
Shared secret/Confirm shared secret
Specify the secret (password) that controller will use when communicating with RADIUS clients
that do not appear in the RADIUS authorization list. The shared secret must match on both the
clients and the controller.
User account configuration
User accounts for the internal RADIUS server are defined using the Controller >> Users menu. See
“User authentication, accounts, and addressing” (page 331).
Using the integrated RADIUS server 363