WESM zl Management and Configuration Guide WT.01.03 and greater

11-11

RADIUS Server

RADIUS Authentication

Depending on your choice, you must complete one of the following tasks:

■ configure the local database (see “Configuring the Local RADIUS Data-

base” on page 11-12)

■ configure LDAP server settings and at least one group in the local database

(see “Using LDAP for the Data Source” on page 11-19)

Table 11-3 explains the requirements for configuring credentials for each EAP

method, depending on whether the Wireless Edge Services zl Module uses its

local database or an LDAP server for the data store.

Table 11-3. Requirements for Credentials Depending on EAP Method

EAP Method Requirement for Credentials in Local

Database

Requirement for Credentials on LDAP Server

EAP-TLS • Server certificate loaded on the module

• Host certificates (issued by the same CA)

loaded on the wireless stations

• CA certificate loaded on both the module

and stations

• Usernames submitted with host

certificates added to the module’s local

RADIUS database

• Server certificate loaded on the module

• Host certificates (issued by the same CA)

loaded on the wireless stations

• CA certificate loaded on both the module

and stations

• Host certificate loaded in the user

account on the LDAP server

EAP-TTLS with MD5 • Server certificate loaded on the module