05-2806A01, Rev. H
iNET Series Reference Manual
83
Operation of Device Authentication
Device authentication forces the radio to authenticate before allowing
user traffic to traverse the wireless network. When Device Security is
configured to use RADIUS as the Authentication Method, Remote
radios need three types of certificates: public (client), private, and root
(Certificate Authority). These files are unique to each Remote radio and
need to first be created at the server and then installed into each unit via
TFTP. The certificate files must be in DER format.
Device authentication uses the serial number of each radio as the
Common Name (CN) in its certificate and in its RADIUS identity field.
Each Access Point
and
Remote radio must be identified/recognized by
the RADIUS Server through the Common Name (Serial number) and IP
address entries.
NOTE:
Consult your RADIUS network administrator for assistance in
configuration, or for help with other issues that may arise.
To activate device authentication, select
Device Auth Method
and set
RADIUS
as the active mode. The behavior of this setting differs
depending on whether it is implemented on an Access Point or a Remote
transceiver. An explanation of these behaviors is given below:
Access Point:
When
Device Auth Method
is set to
RADIUS
, the AP disasso-
ciates all associated Remotes and waits for the RADIUS Server to
Authenticate the Remotes before allowing data to be passed from them.
When approval is received from the RADIUS Server, data from the
Remote is allowed to pass.
Remote:
When
Device Auth Method
is set to
RADIUS
, the Remote halts any
data it is passing, and requests Authentication from the RADIUS Server.
If accepted, data is allowed to be transmitted.
Operation of User Authentication
When user authentication is set to
Local
or
RADIUS
, you must enter a
valid user name and password before being allowed to manage the radio.
In
RADIUS
mode both of these fields may be up to 40 characters long. In
Local
mode the user name is
iNET
and the password may be up to 8 char-
acters long.
When set to
RADIUS
,
all
logins to the local configuration services are
required to be authenticated via the RADIUS Server, including telnet
and SSH (Secure Shell) sessions. Authentication must be accepted
before access to the radio menu is granted.
Summary of Contents for MDS iNET-II 900
Page 12: ...2 iNET Series Reference Manual 05 2806A01 Rev H...
Page 32: ...22 iNET Series Reference Manual 05 2806A01 Rev H...
Page 122: ...112 iNET Series Reference Manual 05 2806A01 Rev H...
Page 124: ...114 iNET Series Reference Manual 05 2806A01 Rev H...
Page 136: ...126 iNET Series Reference Manual 05 2806A01 Rev H...
Page 138: ...128 iNET Series Reference Manual 05 2806A01 Rev H...
Page 162: ...152 iNET Series Reference Manual 05 2806A01 Rev H...
Page 164: ...154 iNET Series Reference Manual 05 2806A01 Rev H...
Page 174: ...164 iNET Series Reference Manual 05 2806A01 Rev H...
Page 182: ...172 iNET Series Reference Manual 05 2806A01 Rev H...