WESM zl Management and Configuration Guide WT.01.28 and greater
11-36
RADIUS Server
RADIUS Accounting
• Configure the loopback interface (127.0.0.1) as a client for the internal
RADIUS server. Specify the new secret for the client. See “Adding
RADIUS Clients” on page 11-31.
9. If you want the module’s RADIUS server to periodically re-authenticate stations,
check the Re-authentication box. Then specify how often (in seconds) stations
re-authenticate in the Re-authentication Period field.
The valid range for the re-authentication period is 30 to 65535 seconds (about
18 hours). The default setting is 3600 seconds (1 hour).
10. Choose CHAP or PAP for the Authentication Protocol.
This setting determines how the Wireless Edge Services zl Module forwards
MAC authentication or Web-Auth credentials to an external server. The module’s
internal RADIUS server supports both protocols. However, if you choose PAP,
users’ passwords display in plaintext in logs. Generally, you should choose
CHAP for higher security.
11. Click the OK button.
12. On the Edit screen, click the OK button.
13. Click the Save link at the top of the Web browser interface to save the changes
to the startup-config.
RADIUS Accounting
RADIUS accounting tracks users’ activity and consumption of network resources.
NASs, such as the Wireless Edge Services zl Module, send reports that summarize
users’ activity to a centralized RADIUS accounting server. A company might analyze
the reports for security auditing and traffic management. Or the company might
submit the reports to a billing server in order to charge users for wireless access.
The Wireless Edge Services zl Module can implement RADIUS accounting in one
of two ways:
■ It can report to an external RADIUS server.
■ It can report to its internal RADIUS server.
The module can send the following messages:
■ Stop messages—when a station disconnects from a wireless LAN (WLAN)
■ Start messages—when a station connects to a WLAN
■ Interim messages—at set intervals throughout the station’s session