
Advanced Configuration AP-700 User Guide
Radius Profiles
Colon delimited/MAC: MAC addresses are formatted with a colon between each pair of digits
(xx:yy:zz:aa:bb:cc) and the password sent to the RADIUS server is the MAC address of the client.
Single dash delimited/MAC: MAC addresses are formatted with a dash between the sixth and seventh digits
(xxyyzz-aabbcc) and the password sent to the RADIUS server is the MAC address of the client.
No delimiters/MAC: MAC addresses are formatted with no characters or spaces between pairs of hexadecimal
digits (xxyyzzaabbcc) and the password sent to the RADIUS server is the MAC address of the client.
Accounting update interval: Enter the time interval (in minutes) for sending Accounting Update messages to the
RADIUS server. A value of 0 (default) means that the AP will not send Accounting Update messages.
Accounting inactivity timer: Enter the accounting inactivity timer. This parameter supports a value from 1-60
minutes. The default is 5 minutes.
Authorization lifetime: Enter the time, in seconds, each client session may be active before being automatically
re-authenticated. This parameter supports a value between 900 and 43200 seconds. The default is 0 (disabled).
Server Addressing Format: select IP Address or Name. If you want to identify RADIUS servers by name, you
must configure the AP as a DNS Client. See DNS Client for details.
Server Name/IP Address: Enter the server’s name or IP address.
Destination Port: Enter the port number which the AP and the server will use to communicate. By default,
RADIUS servers communicate on port 1812.
Server VLAN ID: Indicates the VLAN that uses this RADIUS server profile. If VLAN is disabled, this field will be
grayed out.
Shared Secret and Confirm Shared Secret: Enter the password shared by the RADIUS server and the AP. The
same password must also be configured on the RADIUS server. The default password is “public.”
Response Time (seconds): Enter the maximum time, in seconds, that the AP should wait for the RADIUS server
to respond to a request. The range is 1-10 seconds; the default is 3 seconds.
Maximum Retransmissions (0-4): Enter the maximum number of times an authentication request may be
transmitted. The range is 0 to 4, the default is 3.
Server Status: Select Enable from the drop-down box to enable the RADIUS Server Profile.
3. Click OK.
4. Select the Profile and click Edit to configure the Secondary RADIUS Server, if required.
MAC Access Control Via RADIUS Authentication
If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list
of MAC addresses on the RADIUS server rather than configure each AP individually. You can define a RADIUS Profile
that specifies the IP Address of the server that contains a central list of MAC Address values identifying the authorized
stations that may access the wireless network. You must specify information for at least the primary RADIUS server. The
back-up RADIUS server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for MAC authentication.
MAC access control can be separately enabled for each VLAN.
NOTE: Contact your RADIUS server manufacturer if you have problems configuring the server or have problems using
RADIUS authentication.
802.1x Authentication using RADIUS
You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional.
NOTE: Each VLAN can be configured to use a separate RADIUS server (and backup server) for 802.1x authentication.
802.1x authentication (“EAP authentication”) can be separately enabled for each VLAN.